RHEL 6 : krb5 (RHSA-2015:0794)

high Nessus Plugin ID 82656

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC.

The following security issues are fixed with this release :

A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) could call the gss_process_context_token() function and use this flaw to crash that application. (CVE-2014-5352)

If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal.
(CVE-2014-5353)

It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.
(CVE-2014-5355)

A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, via specially crafted XDR packets. (CVE-2014-9421)

It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as 'kad/x') could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)

Red Hat would like to thank the MIT Kerberos project for reporting CVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos project acknowledges Nico Williams for assisting with the analysis of CVE-2014-5352.

All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Solution

Update the affected packages.

See Also

https://access.redhat.com/errata/RHSA-2015:0794

https://access.redhat.com/security/cve/cve-2014-9421

https://access.redhat.com/security/cve/cve-2014-5353

https://access.redhat.com/security/cve/cve-2014-5352

https://access.redhat.com/security/cve/cve-2014-9422

https://access.redhat.com/security/cve/cve-2014-5355

Plugin Details

Severity: High

ID: 82656

File Name: redhat-RHSA-2015-0794.nasl

Version: 1.21

Type: local

Agent: unix

Published: 4/9/2015

Updated: 2/5/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:krb5-server-ldap, cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:enterprise_linux:6.6, p-cpe:/a:redhat:enterprise_linux:krb5-workstation, p-cpe:/a:redhat:enterprise_linux:krb5-server, p-cpe:/a:redhat:enterprise_linux:krb5-pkinit-openssl, p-cpe:/a:redhat:enterprise_linux:krb5-debuginfo, p-cpe:/a:redhat:enterprise_linux:krb5-libs, p-cpe:/a:redhat:enterprise_linux:krb5-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/9/2015

Vulnerability Publication Date: 12/16/2014

Reference Information

CVE: CVE-2014-5352, CVE-2014-5353, CVE-2014-5355, CVE-2014-9421, CVE-2014-9422

BID: 71679, 72494, 72495, 72496

RHSA: 2015:0794