Problem Description:
Multiple security vulnerabilities have been discovered in the Heimdal
implementation of the Kerberos 5 network authentication
protocols and KDC.
- CVE-2022-42898 PAC parse integer overflows
- CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
- CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
- CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
- CVE-2019-14870 Protocol-transition fixes (three upstream changes under
  one CVE): validate client attributes, apply the forwardable policy, and
  always look up the impersonated client in the DB
Impact:
A malicious actor with control of the network between a client and a
service that use Kerberos for authentication can impersonate either the
client or the service, enabling a man-in-the-middle (MITM) attack that
circumvents mutual authentication. The NULL dereference in the SPNEGO
acceptor code additionally allows a peer to crash a SPNEGO acceptor
(denial of service).
Note that, while CVE-2022-44640 is a severe vulnerability, possibly
enabling remote code execution on other platforms, the version of
Heimdal included with the FreeBSD base system cannot be exploited in
this way on FreeBSD.