Headline
Debian Security Advisory 5344-1
Debian Linux Security Advisory 5344-1 - Helmut Grohne discovered a flaw in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos. The backports of fixes for CVE-2022-3437 accidentally inverted important memory comparisons in the arcfour-hmac-md5 and rc4-hmac integrity check handlers for gssapi, resulting in incorrect validation of message integrity codes.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5344-1 [email protected]://www.debian.org/security/ Salvatore BonaccorsoFebruary 08, 2023 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : heimdalCVE ID : CVE-2022-45142Debian Bug : 1030849Helmut Grohne discovered a flaw in Heimdal, an implementation ofKerberos 5 that aims to be compatible with MIT Kerberos. The backportsof fixes for CVE-2022-3437 accidentally inverted important memorycomparisons in the arcfour-hmac-md5 and rc4-hmac integrity checkhandlers for gssapi, resulting in incorrect validation of messageintegrity codes.For the stable distribution (bullseye), this problem has been fixed inversion 7.7.0+dfsg-2+deb11u3.We recommend that you upgrade your heimdal packages.For the detailed security status of heimdal please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/heimdalFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmPjmWZfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0Rw+RAAjSGizyQ7+71isP3z4Wtj8ZB1JMAjy+x8VfHL5F9Fh6ufV27fiH8WzrAodm4JHFwVRuEYby9JLl0DiHPffwx76TG61/TGLpGR5wcOeB9d7I/WZ5eNm92qEMCgQ4sWpQRmD9L3TvKHoQV088yUUZYhkFedB2GbmabTBwa71FJ089ccvZX/ZvQVBvp/QfFl1IgnNjkkRLdVQxUtMdgvxhkgkGC+gmLT/QxNcGXQX0/joVhw9vhKZahcP1er1nQ34JEyNxogjuBHLCerMvwrJ4wHDLVg0luw8uuCK/hc4q8NxjNzty4ANAk0z6w49X4xJjf7LIHU/lNq25GtY6g9llSIhGVF1W92iPUuh6tTC99/qgmghVfx4Q+GZS+CSfnm23Aj+gXPzhBgcCeeWhzLT8idsk0RsJHAUI7Se/YCU/JnwunwS2LGuDiwO4e9GdQyTY5jN0a/9K7nl3g6l+VZbEvoHlqdbJIOZGckUlwQRpiMRBMvKKXj8sF4a9TWbcKOjUzp9TPDbtsfEBOrnUHnkar87aBliaWSr4uE320+9rPpgycSBwViAHnuC1ayXGSiNmKaAYGyKdHWCPuawpVnPiCTQ+dVQuEw48uvLfgHf97Erdw919XRrKiyDtEGhWTtki4dF9jWIESk9ba/bIavk7emo3Tny5h6PS1l/MV8Ior6S7k=naJG-----END PGP SIGNATURE-----
Related news
Gentoo Linux Security Advisory 202310-6 - Multiple vulnerabilities have been discovered in Heimdal, the worst of which could lead to remote code execution on a KDC. Versions greater than or equal to 7.8.0-r1 are affected.
Gentoo Linux Security Advisory 202309-6 - Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. Versions greater than or equal to 4.18.4 are affected.
Ubuntu Security Notice 5936-1 - Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos keys. A remote attacker could possibly use this issue to elevate privileges.
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.
Ubuntu Security Notice 5849-1 - Helmut Grohne discovered that Heimdal GSSAPI incorrectly handled logical conditions that are related to memory management operations. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 5822-2 - USN-5822-1 fixed vulnerabilities in Samba. The update for Ubuntu 20.04 LTS introduced regressions in certain environments. Pending investigation of these regressions, this update temporarily reverts the security fixes. It was discovered that Samba incorrectly handled the bad password count logic. It was discovered that Samba supported weak RC4/HMAC-MD5 in NetLogon Secure Channel. Greg Hudson discovered that Samba incorrectly handled PAC parsing. Joseph Sutton discovered that Samba could be forced to issue rc4-hmac encrypted Kerberos tickets.
Ubuntu Security Notice 5822-1 - It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could possibly use this issue to bypass bad passwords lockouts. This issue was only addressed in Ubuntu 22.10. Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.
Ubuntu Security Notice 5800-1 - It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
Debian Linux Security Advisory 5287-1 - Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos.
A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.