#VU29242 Key management errors in heimdal - CVE-2019-12098
Vulnerability identifier: #VU29242
Vulnerability risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-320
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
heimdal
Server applications /
Encryption software
Vendor: Heimdal Software
Description
The vulnerability allows a remote attacker to perform a Man-in-the-Middle (MitM) attack.
The vulnerability exists due to Heimdal fails to verify anonymous PKINIT PA-PKINIT-KX key exchange within the krb5_init_creds_step() function in lib/krb5/init_creds_pw.c. A remote attacker can perform a MitM attack against the Heimdal client.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
heimdal: 7.0.1 - 7.5.0
External links
https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html
https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html
https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html
https://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html
https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf
https://github.com/heimdal/heimdal/compare/3e58559...bbafe72
https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/
https://seclists.org/bugtraq/2019/Jun/1
https://www.debian.org/security/2019/dsa-4455
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
