Ubuntu update for heimdal



Published: 2022-10-13
Risk: Medium
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2018-16860, CVE-2019-12098, CVE-2021-3671, CVE-2022-3116
CWE-ID: CWE-287, CWE-320, CWE-476
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
Ubuntu
Operating systems & Components / Operating system

heimdal-clients-x (Ubuntu package)
Operating systems & Components / Operating system package or component

heimdal-servers-x (Ubuntu package)
Operating systems & Components / Operating system package or component

heimdal-clients (Ubuntu package)
Operating systems & Components / Operating system package or component

libkrb5-26-heimdal (Ubuntu package)
Operating systems & Components / Operating system package or component

heimdal-servers (Ubuntu package)
Operating systems & Components / Operating system package or component

libkdc2-heimdal (Ubuntu package)
Operating systems & Components / Operating system package or component

heimdal-kdc (Ubuntu package)
Operating systems & Components / Operating system package or component

heimdal-kcm (Ubuntu package)
Operating systems & Components / Operating system package or component

libgssapi3-heimdal (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper Authentication

EUVDB-ID: #VU18438

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16860

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to compromise a vulnerable domain.

The vulnerability exists due to an error in the process of obtaining a Kerberos ticket for a service from the Kerberos Key Distribution Center (KDC) when the S4U2Self and S4U2Proxy extensions are involved. A remote authenticated user can impersonate another service on the network and obtain elevated privileges within the domain.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable Active Directory implementation.

Mitigation

Update the affected package heimdal to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 20.04

heimdal-clients-x (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-servers-x (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-clients (Ubuntu package): before Ubuntu Pro (Infra-only)

libkrb5-26-heimdal (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-servers (Ubuntu package): before Ubuntu Pro (Infra-only)

libkdc2-heimdal (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-kdc (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-kcm (Ubuntu package): before Ubuntu Pro (Infra-only)

libgssapi3-heimdal (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5675-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Key management errors

EUVDB-ID: #VU29242

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-12098

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a Man-in-the-Middle (MitM) attack.

The vulnerability exists because Heimdal fails to verify the anonymous PKINIT PA-PKINIT-KX key exchange within the krb5_init_creds_step() function in lib/krb5/init_creds_pw.c. A remote attacker can perform a MitM attack against the Heimdal client.

Mitigation

Update the affected package heimdal to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 20.04

heimdal-clients-x (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-servers-x (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-clients (Ubuntu package): before Ubuntu Pro (Infra-only)

libkrb5-26-heimdal (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-servers (Ubuntu package): before Ubuntu Pro (Infra-only)

libkdc2-heimdal (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-kdc (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-kcm (Ubuntu package): before Ubuntu Pro (Infra-only)

libgssapi3-heimdal (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5675-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU57324

Risk: Medium

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3671

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the way the Samba Kerberos server handles a missing sname attribute in a TGS-REQ (Ticket Granting Server - Request). A remote authenticated user can send a specially crafted request to the Samba server and perform a denial of service (DoS) attack.

Mitigation

Update the affected package heimdal to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 20.04

heimdal-clients-x (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-servers-x (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-clients (Ubuntu package): before Ubuntu Pro (Infra-only)

libkrb5-26-heimdal (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-servers (Ubuntu package): before Ubuntu Pro (Infra-only)

libkdc2-heimdal (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-kdc (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-kcm (Ubuntu package): before Ubuntu Pro (Infra-only)

libgssapi3-heimdal (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5675-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU68303

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3116

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in lib/gssapi/spnego/accept_sec_context.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package heimdal to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 20.04

heimdal-clients-x (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-servers-x (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-clients (Ubuntu package): before Ubuntu Pro (Infra-only)

libkrb5-26-heimdal (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-servers (Ubuntu package): before Ubuntu Pro (Infra-only)

libkdc2-heimdal (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-kdc (Ubuntu package): before Ubuntu Pro (Infra-only)

heimdal-kcm (Ubuntu package): before Ubuntu Pro (Infra-only)

libgssapi3-heimdal (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5675-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


