SB2017122922 - NULL pointer dereference in heimdal (Alpine package)
Published: December 29, 2017
Security Bulletin ID
SB2017122922
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2017-17439)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=7f6e6b03d2536a389bb79a29915bd3a8fe881517
- https://git.alpinelinux.org/aports/commit/?id=e6b1fa7dad551ad0f3cbb54319d7b8d38ed40ddb
- https://git.alpinelinux.org/aports/commit/?id=aa2d24fab1e16e497512004aa40a11c032fcab73
- https://git.alpinelinux.org/aports/commit/?id=d7f01c593b1ee60783bd9bf1b13f1ef234896a10
- https://git.alpinelinux.org/aports/commit/?id=098600ef518cef710f190712a9a7be6b53179d5c
- https://git.alpinelinux.org/aports/commit/?id=5f79fcd7bde881eaef40a645eff0b6bd42f272a4