Multiple vulnerabilities in MIT Kerberos

Published: 2017-10-19

Risk	High
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2017-11462 CVE-2017-11368
CWE-ID	CWE-415 CWE-20
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	Kerberos Server applications / Encryption software
Vendor	MIT

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Double free error

EUVDB-ID: #VU8900

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-11462

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to double free during the automatic deletion of security contexts on error by the GSS-API. A remote attacker can delete an existing security context on a second or subsequent call to gss_init_sec_context() or gss_accept_sec_context(), trigger memory corruption and cause denial of service or execute arbitrary code.

Mitigation

Update to version 1.14.6 or 1.15.2.

Vulnerable software versions

Kerberos: 5-1.13.4 - 5-1.15.1

External links

http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Denial of service

EUVDB-ID: #VU8901

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-11368

CWE-ID: CWE-20 - Improper input validation