Security Information / 2014 / Security Information -- DSA-3000-1 krb5

Debian Security Advisory

DSA-3000-1 krb5 -- security update

Date Reported:

09 Aug 2014

Affected Packages:

krb5

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 753624, Bug 753625, Bug 755520, Bug 755521, Bug 757416.
In Mitre's CVE dictionary: CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345.

More information:

Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems:

• CVE-2014-4341

  An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI application session can cause a program crash due to invalid memory references when attempting to read beyond the end of a buffer.

• CVE-2014-4342

  An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI application session can cause a program crash due to invalid memory references when reading beyond the end of a buffer or by causing a null pointer dereference.

• CVE-2014-4343

  An unauthenticated remote attacker with the ability to spoof packets appearing to be from a GSSAPI acceptor can cause a double-free condition in GSSAPI initiators (clients) which are using the SPNEGO mechanism, by returning a different underlying mechanism than was proposed by the initiator. A remote attacker could exploit this flaw to cause an application crash or potentially execute arbitrary code.

• CVE-2014-4344

  An unauthenticated or partially authenticated remote attacker can cause a NULL dereference and application crash during a SPNEGO negotiation by sending an empty token as the second or later context token from initiator to acceptor.

• CVE-2014-4345

  When kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause it to perform an out-of-bounds write (buffer overflow).

For the stable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u2.

For the unstable distribution (sid), these problems have been fixed in version 1.12.1+dfsg-7.

We recommend that you upgrade your krb5 packages.