Debian DSA-3000-1 : krb5 - security update

high Nessus Plugin ID 77101

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2014-4341 An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI application session can cause a program crash due to invalid memory references when attempting to read beyond the end of a buffer.

- CVE-2014-4342 An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI application session can cause a program crash due to invalid memory references when reading beyond the end of a buffer or by causing a NULL pointer dereference.

- CVE-2014-4343 An unauthenticated remote attacker with the ability to spoof packets appearing to be from a GSSAPI acceptor can cause a double-free condition in GSSAPI initiators (clients) which are using the SPNEGO mechanism, by returning a different underlying mechanism than was proposed by the initiator. A remote attacker could exploit this flaw to cause an application crash or potentially execute arbitrary code.

- CVE-2014-4344 An unauthenticated or partially authenticated remote attacker can cause a NULL dereference and application crash during a SPNEGO negotiation by sending an empty token as the second or later context token from initiator to acceptor.

- CVE-2014-4345 When kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause it to perform an out-of-bounds write (buffer overflow).

Solution

Upgrade the krb5 packages.

For the stable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u2.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753624

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753625

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755520

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755521

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757416

https://security-tracker.debian.org/tracker/CVE-2014-4341

https://security-tracker.debian.org/tracker/CVE-2014-4342

https://security-tracker.debian.org/tracker/CVE-2014-4343

https://security-tracker.debian.org/tracker/CVE-2014-4344

https://security-tracker.debian.org/tracker/CVE-2014-4345

https://packages.debian.org/source/wheezy/krb5

https://www.debian.org/security/2014/dsa-3000

Plugin Details

Severity: High

ID: 77101

File Name: debian_DSA-3000.nasl

Version: 1.16

Type: local

Agent: unix

Published: 8/10/2014

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:krb5, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 8/9/2014

Reference Information

CVE: CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345

BID: 68908, 68909, 69159, 69160

DSA: 3000