FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krb5 -- Multiple vulnerabilities

Affected packages
krb5 < 1.14.6
1.15 <= krb5 < 1.15.2
krb5-devel < 1.14.6
1.15 <= krb5-devel < 1.15.2
krb5-115 < 1.15.2
krb5-114 < 1.14.6
krb5-113 < 1.14.6
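To check an installed package against the ranges listed above, the following added example (not part of the VuXML entry or of FreeBSD's tooling) parses the range lines and evaluates a name/version pair. The function names and the simplified version ordering are assumptions of this example; real pkg(8) comparison also handles epochs and letter suffixes.

```python
import re

# Ranges copied verbatim from this entry's "Affected packages" list.
AFFECTED = """\
krb5 < 1.14.6
1.15 <= krb5 < 1.15.2
krb5-devel < 1.14.6
1.15 <= krb5-devel < 1.15.2
krb5-115 < 1.15.2
krb5-114 < 1.14.6
krb5-113 < 1.14.6
"""

# "[low <|<=] name [<|<= high]": bounds start with a digit, names with a letter.
RANGE_RE = re.compile(
    r"^(?:(?P<lo>\d\S*)\s+(?P<lo_op><=|<)\s+)?(?P<name>[A-Za-z]\S*)"
    r"(?:\s+(?P<hi_op><=|<)\s+(?P<hi>\d\S*))?$")

def vkey(version):
    """Simplified sort key (assumption): dotted integers, PORTREVISION "_N" ignored.
    Epochs and letter suffixes raise ValueError instead of being guessed at."""
    parts = [int(p) for p in version.split("_")[0].split(".")]
    while len(parts) > 1 and parts[-1] == 0:   # treat 1.15.0 as equal to 1.15
        parts.pop()
    return tuple(parts)

def parse_ranges(text):
    """Return one dict per range line; lines with no bound at all are skipped."""
    rules = []
    for line in text.splitlines():
        m = RANGE_RE.match(line.strip())
        if m and (m["lo"] or m["hi"]):
            rules.append(m.groupdict())
    return rules

def in_bound(a, op, b):
    return a < b if op == "<" else a <= b

def is_affected(name, version, rules):
    """True if the installed name/version falls inside any range for that package."""
    v = vkey(version)
    for r in rules:
        if r["name"] != name:
            continue
        lo_ok = r["lo"] is None or in_bound(vkey(r["lo"]), r["lo_op"], v)
        hi_ok = r["hi"] is None or in_bound(v, r["hi_op"], vkey(r["hi"]))
        if lo_ok and hi_ok:
            return True
    return False

RULES = parse_ranges(AFFECTED)
```

On a FreeBSD host, `pkg audit -F` performs this check against the full VuXML database with the complete version-comparison rules.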

Details

VuXML ID 3f3837cc-48fb-4414-aa46-5b1c23c9feae
Discovery 2017-07-14
Entry 2017-10-18

MIT reports:

CVE-2017-11368:

In MIT krb5 1.7 and later, an authenticated attacker can cause an assertion failure in krb5kdc by sending an invalid S4U2Self or S4U2Proxy request.

CVE-2017-11462:

RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or subsequent call to gss_init_sec_context() or gss_accept_sec_context() if the call results in an error. This API behavior has been found to be dangerous, leading to the possibility of memory errors in some callers. For safety, GSS-API implementations should instead preserve existing security contexts on error until the caller deletes them.

All versions of MIT krb5 prior to this change may delete acceptor contexts on error. Versions 1.13.4 through 1.13.7, 1.14.1 through 1.14.5, and 1.15 through 1.15.1 may also delete initiator contexts on error.

References

CVE Name CVE-2017-11368
CVE Name CVE-2017-11462
URL https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
URL https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970
URL https://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
URL https://krbdev.mit.edu/rt/Ticket/Display.html?id=8599
URL https://nvd.nist.gov/vuln/detail/CVE-2017-11368
URL https://nvd.nist.gov/vuln/detail/CVE-2017-11462