Debian DSA-5287-1 : heimdal - security update

critical Nessus Plugin ID 168145

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5287 advisory.

- A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
(CVE-2021-3671)

- Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept. (CVE-2021-44758)

- A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. (CVE-2022-3437)

- Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. (CVE-2022-41916)

- PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has a similar bug.
(CVE-2022-42898)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the heimdal packages.

For the stable distribution (bullseye), these problems have been fixed in version 7.7.0+dfsg-2+deb11u2.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996586

https://security-tracker.debian.org/tracker/source-package/heimdal

https://www.debian.org/security/2022/dsa-5287

https://security-tracker.debian.org/tracker/CVE-2021-3671

https://security-tracker.debian.org/tracker/CVE-2021-44758

https://security-tracker.debian.org/tracker/CVE-2022-3437

https://security-tracker.debian.org/tracker/CVE-2022-41916

https://security-tracker.debian.org/tracker/CVE-2022-42898

https://security-tracker.debian.org/tracker/CVE-2022-44640

https://packages.debian.org/source/bullseye/heimdal

Plugin Details

Severity: Critical

ID: 168145

File Name: debian_DSA-5287.nasl

Version: 1.5

Type: local

Agent: unix

Published: 11/23/2022

Updated: 10/2/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2021-3671

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-44640

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:heimdal-dev, p-cpe:/a:debian:debian_linux:heimdal-multidev, p-cpe:/a:debian:debian_linux:libotp0-heimdal, p-cpe:/a:debian:debian_linux:heimdal-docs, p-cpe:/a:debian:debian_linux:libkafs0-heimdal, p-cpe:/a:debian:debian_linux:heimdal-kdc, p-cpe:/a:debian:debian_linux:libheimntlm0-heimdal, p-cpe:/a:debian:debian_linux:libhx509-5-heimdal, p-cpe:/a:debian:debian_linux:libheimbase1-heimdal, p-cpe:/a:debian:debian_linux:libgssapi3-heimdal, p-cpe:/a:debian:debian_linux:libkdc2-heimdal, p-cpe:/a:debian:debian_linux:libasn1-8-heimdal, p-cpe:/a:debian:debian_linux:heimdal-servers, p-cpe:/a:debian:debian_linux:libkadm5clnt7-heimdal, p-cpe:/a:debian:debian_linux:libkrb5-26-heimdal, p-cpe:/a:debian:debian_linux:heimdal-kcm, p-cpe:/a:debian:debian_linux:libhdb9-heimdal, p-cpe:/a:debian:debian_linux:libkadm5srv8-heimdal, p-cpe:/a:debian:debian_linux:libsl0-heimdal, p-cpe:/a:debian:debian_linux:libhcrypto4-heimdal, p-cpe:/a:debian:debian_linux:libwind0-heimdal, p-cpe:/a:debian:debian_linux:heimdal-clients, p-cpe:/a:debian:debian_linux:libroken18-heimdal

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/22/2022

Vulnerability Publication Date: 10/12/2021

Reference Information

CVE: CVE-2021-3671, CVE-2021-44758, CVE-2022-3437, CVE-2022-41916, CVE-2022-42898, CVE-2022-44640