SB2017092403 - Multiple vulnerabilities in MIT Kerberos
Published: October 19, 2017
Security Bulletin ID
SB2017092403
CSH Severity
High
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Double free error (CVE-ID: CVE-2017-11462)
CWE-ID: CWE-415 - Double Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists due to double free during the automatic deletion of security contexts on error by the GSS-API. A remote attacker can delete an existing security context on a second or subsequent call to gss_init_sec_context() or gss_accept_sec_context(), trigger memory corruption and cause denial of service or execute arbitrary code.
2) Denial of service (CVE-ID: CVE-2017-11368)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists due to an assertion failure. A remote attacker can send invalid S4U2Self or S4U2Proxy requests and cause the krb5kdc service to exit on a targeted system.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install update from vendor's website.