PT-2023-8967 · Mit+8 · Mit Kerberos 5+8

Robert Morris

·

Published

2023-07-11

·

Updated

2024-06-15

·

CVE-2023-36054

CVSS v2.0

6.8

Medium

VectorAV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 (aka krb5) versions 1.20.2 and earlier, 1.21.x versions prior to 1.21.1
Description The issue is related to the lib/kadm5/kadm rpc xdr.c file in the Kerberos implementation, where an uninitialized pointer is freed. This can be exploited by a remote authenticated user to trigger a kadmind crash due to the lack of validation between n key data and the key data array count in the xdr kadm5 principal ent rec function.
Recommendations For MIT Kerberos 5 (aka krb5) versions 1.20.2 and earlier, update to version 1.20.2 or later. For MIT Kerberos 5 (aka krb5) 1.21.x versions prior to 1.21.1, update to version 1.21.1 or later. As a temporary workaround, consider restricting access to the vulnerable lib/kadm5/kadm rpc xdr.c module to minimize the risk of exploitation.

Fix

DoS

Access of Uninitialized Pointer

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-824

Related Identifiers

ALSA-2023:6699
ALT-PU-2023-4333
ALT-PU-2023-4585
ALT-PU-2023-4586
ALT-PU-2024-2315
ALT-PU-2024-6715
AZL-27874
BDU:2024-02770
CVE-2023-36054
DLA-3626-1
OESA-2023-1526
OESA-2023-1527
OESA-2023-1528
OESA-2023-1555
OESA-2023-1556
OPENSUSE-SU-2023_3325-1
OPENSUSE-SU-2023_3363-1
OPENSUSE-SU-2024:13050-1
RHSA-2023:6699
RHSA-2023_6699
SUSE-SU-2023:3325-1
SUSE-SU-2023:3363-1
SUSE-SU-2023:3365-1
SUSE-SU-2023:3398-1
SUSE-SU-2023:3434-1
SUSE-SU-2023_3325-1
SUSE-SU-2023_3363-1
SUSE-SU-2023_3365-1
SUSE-SU-2023_3398-1
SUSE-SU-2023_3434-1
USN-6467-1
USN-6467-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Linuxmint
Mit Kerberos 5
Red Hat
Red Os
Suse
Ubuntu