ALAS-2015-518 --- krb5
ID: oval:org.secpod.oval:def:1200085 | Date: (C)2015-12-29 (M)2023-12-07 |
Class: PATCH | Family: unix |
A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application that uses the GSS-API library call the gss_process_context_token function could use this flaw to crash that application.

If kadmind was used with an LDAP back end for the KDC database, a remote, authenticated attacker with permission to set the password policy could crash kadmind by attempting to use a named ticket policy object as the password policy for a principal.

It was found that the krb5_read_message function of MIT Kerberos did not correctly sanitize its input and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.

A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using the Kerberos libraries, via specially crafted XDR packets.

It was found that the MIT Kerberos administration server incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal could use this flaw to impersonate any user to kadmind and perform administrative actions as that user.
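The krb5_read_message flaw above is an instance of a common bug class: a length-prefixed message is read, the declared length is trusted, and the resulting object's length no longer matches the bytes it actually holds. The example below is added here to illustrate that class; it is not MIT Kerberos code, and the struct, function names, the 1 MiB cap and the sample byte strings are all constructed for illustration. It shows an unsanitized reader beside a checked one that validates the declared length against both a cap and the bytes actually available before allocating or copying anything.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for krb5_data: a declared length plus a buffer.
 * Illustration only; this is not MIT krb5's definition. */
typedef struct {
    uint32_t length;
    char *data;
} msg_data;

/* Assumed upper bound on a single message; the real limit is a design choice. */
#define MSG_MAX_LEN (1024u * 1024u)

enum { READ_OK = 0, READ_TRUNCATED = 1, READ_TOO_LARGE = 2, READ_NOMEM = 3 };

/* Decode a 4-byte big-endian length prefix. */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unsanitized reader: trusts the length prefix. It allocates an
 * attacker-chosen size and, when the body is shorter than declared, still
 * returns READ_OK with an object whose length exceeds the bytes it holds. */
static int read_message_naive(const unsigned char *buf, size_t buflen, msg_data *out) {
    if (buflen < 4) return READ_TRUNCATED;
    uint32_t len = be32(buf);
    size_t avail = buflen - 4;
    out->length = len;                     /* set before the copy succeeds */
    out->data = malloc(len ? len : 1);     /* no cap on len */
    if (out->data == NULL) return READ_NOMEM;
    memcpy(out->data, buf + 4, avail < len ? avail : len);  /* partial fill */
    return READ_OK;
}

/* Checked reader: the length is validated against the cap and against the
 * bytes actually present before any allocation or copy, so the returned
 * object is either fully populated or left empty. */
static int read_message_checked(const unsigned char *buf, size_t buflen, msg_data *out) {
    out->length = 0;
    out->data = NULL;
    if (buflen < 4) return READ_TRUNCATED;
    uint32_t len = be32(buf);
    if (len > MSG_MAX_LEN) return READ_TOO_LARGE;
    if (buflen - 4 < len) return READ_TRUNCATED;
    char *p = malloc(len ? len : 1);
    if (p == NULL) return READ_NOMEM;
    memcpy(p, buf + 4, len);
    out->data = p;
    out->length = len;
    return READ_OK;
}

static void free_message(msg_data *m) {
    free(m->data);
    m->data = NULL;
    m->length = 0;
}

int main(void) {
    /* Constructed sample inputs: a valid message, a body shorter than its
     * declared length, and a length prefix far beyond any sane message. */
    const unsigned char good[]  = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};
    const unsigned char trunc[] = {0, 0, 0, 16, 'a', 'b', 'c', 'd'};
    const unsigned char huge[]  = {0xff, 0xff, 0xff, 0xff, 0, 0, 0, 0};
    msg_data m;
    int rc;

    rc = read_message_naive(trunc, sizeof trunc, &m);
    printf("naive/trunc:   rc=%d declared=%u (only 4 bytes were copied)\n", rc, m.length);
    free_message(&m);
    rc = read_message_checked(good, sizeof good, &m);
    printf("checked/good:  rc=%d length=%u\n", rc, m.length);
    free_message(&m);
    rc = read_message_checked(trunc, sizeof trunc, &m);
    printf("checked/trunc: rc=%d\n", rc);
    rc = read_message_checked(huge, sizeof huge, &m);
    printf("checked/huge:  rc=%d\n", rc);
    return 0;
}
```

The naive reader returns success for the truncated input while reporting a 16-byte object that only received 4 bytes; any later code that trusts `length` reads uninitialized memory or worse. The checked reader rejects both the truncated and the oversized prefix and never hands back a half-built object.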
Platform: |
Amazon Linux AMI |