[Debian] High CVE: CVE-2023-36054 krb5: a remote authenticated user can trigger a kadmind crash

Bug #2038795 reported by Yue Tao
Affects    Status        Importance  Assigned to  Milestone
StarlingX  Fix Released  High        hqbai

Bug Description

CVE-2023-36054: https://nvd.nist.gov/vuln/detail/CVE-2023-36054

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

Base Score: High

Reference (Debian bullseye packages, vulnerable build ===> fixed build):

krb5-multidev_1.18.3-6+deb11u3_amd64.deb ===> krb5-multidev_1.18.3-6+deb11u4_amd64.deb
libgssapi-krb5-2_1.18.3-6+deb11u3_amd64.deb ===> libgssapi-krb5-2_1.18.3-6+deb11u4_amd64.deb
libgssrpc4_1.18.3-6+deb11u3_amd64.deb ===> libgssrpc4_1.18.3-6+deb11u4_amd64.deb
libk5crypto3_1.18.3-6+deb11u3_amd64.deb ===> libk5crypto3_1.18.3-6+deb11u4_amd64.deb
libkadm5clnt-mit12_1.18.3-6+deb11u3_amd64.deb ===> libkadm5clnt-mit12_1.18.3-6+deb11u4_amd64.deb
libkadm5srv-mit12_1.18.3-6+deb11u3_amd64.deb ===> libkadm5srv-mit12_1.18.3-6+deb11u4_amd64.deb
libkrb5-3_1.18.3-6+deb11u3_amd64.deb ===> libkrb5-3_1.18.3-6+deb11u4_amd64.deb
libkrb5-dev_1.18.3-6+deb11u3_amd64.deb ===> libkrb5-dev_1.18.3-6+deb11u4_amd64.deb
libkrb5support0_1.18.3-6+deb11u3_amd64.deb ===> libkrb5support0_1.18.3-6+deb11u4_amd64.deb
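Two practitioner notes on the description above. First, the upstream fixed versions (1.20.2, 1.21.1) do not apply to Debian's version string: bullseye stays on 1.18.3 and carries the fix as a backport, so the thing to check on a StarlingX/Debian host is that the krb5 binary packages are at 1.18.3-6+deb11u4 or later, not that the upstream number has changed. Second, the bug class is a count/length disagreement: one field says how many key_data entries exist, the array that carries them is decoded with its own length, and nothing compares the two, so a later loop driven by the standalone count walks into slots the array decoder never populated. The following C program is an added illustration of that class and of the consistency check that closes it; it is not krb5's code, and the struct, the wire layout, the function names (decode_ent, free_ent, decode_status, count_mismatch) and the two sample messages are all this example's own constructions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative record (not krb5's struct): a count encoded as its own field,
 * plus an array that carries its own length prefix, mirroring the
 * n_key_data / key_data pairing described in the advisory. */
typedef struct {
    uint32_t kvno;
    uint8_t *contents;      /* heap-allocated per element */
    uint32_t contents_len;
} key_data_t;

typedef struct {
    int32_t n_key_data;     /* decoded from its own wire field */
    uint32_t key_data_len;  /* number of elements the array decoder populated */
    key_data_t *key_data;
} principal_ent_t;

/* Minimal big-endian reader over a byte buffer. */
typedef struct { const uint8_t *buf; size_t len, pos; } reader_t;

static int read_u32(reader_t *r, uint32_t *out) {
    if (r->len - r->pos < 4) return 0;
    *out = ((uint32_t)r->buf[r->pos] << 24) | ((uint32_t)r->buf[r->pos + 1] << 16)
         | ((uint32_t)r->buf[r->pos + 2] << 8) | (uint32_t)r->buf[r->pos + 3];
    r->pos += 4;
    return 1;
}

/* Safe free path: walks only the slots the array decoder populated.
 * A free loop driven by n_key_data instead would touch unpopulated slots
 * whenever the two counts disagree. */
void free_ent(principal_ent_t *ent) {
    for (uint32_t i = 0; i < ent->key_data_len; i++)
        free(ent->key_data[i].contents);
    free(ent->key_data);
    memset(ent, 0, sizeof(*ent));
}

/* Wire layout (this example's own): u32 n_key_data, u32 array_len, then
 * array_len elements of (u32 kvno, u32 contents_len, contents bytes).
 * validate == 0 reproduces the unchecked pattern (count and array length are
 * decoded independently and never compared); validate == 1 adds the check.
 * Returns 1 on success, 0 on malformed input; ent is cleaned up on failure. */
int decode_ent(const uint8_t *buf, size_t len, principal_ent_t *ent, int validate) {
    reader_t r = { buf, len, 0 };
    uint32_t n, alen;
    memset(ent, 0, sizeof(*ent));
    if (!read_u32(&r, &n) || !read_u32(&r, &alen) || alen > 256) return 0;
    ent->n_key_data = (int32_t)n;
    if (validate && alen != n) return 0;   /* the consistency check: count must match array length */
    ent->key_data = calloc(alen, sizeof(key_data_t));
    if (alen && !ent->key_data) return 0;
    for (uint32_t i = 0; i < alen; i++) {
        uint32_t clen;
        key_data_t *kd = &ent->key_data[i];
        if (!read_u32(&r, &kd->kvno) || !read_u32(&r, &clen) || clen > 256
            || r.len - r.pos < clen) { ent->key_data_len = i; free_ent(ent); return 0; }
        kd->contents = malloc(clen ? clen : 1);
        if (!kd->contents) { ent->key_data_len = i; free_ent(ent); return 0; }
        memcpy(kd->contents, r.buf + r.pos, clen);
        kd->contents_len = clen;
        r.pos += clen;
        ent->key_data_len = i + 1;
    }
    return 1;
}

/* Constructed sample messages (not captured kadmind traffic). */
static const uint8_t WELL_FORMED[] = {
    0, 0, 0, 2,   0, 0, 0, 2,              /* n_key_data = 2, array length = 2 */
    0, 0, 0, 1,   0, 0, 0, 3,  'a', 'b', 'c',
    0, 0, 0, 2,   0, 0, 0, 1,  'z',
};
static const uint8_t MISMATCHED[] = {
    0, 0, 0, 3,   0, 0, 0, 1,              /* n_key_data = 3, but only one element follows */
    0, 0, 0, 1,   0, 0, 0, 3,  'a', 'b', 'c',
};

/* Decode and report whether the message was accepted. */
int decode_status(const uint8_t *buf, size_t len, int validate) {
    principal_ent_t ent;
    int ok = decode_ent(buf, len, &ent, validate);
    if (ok) free_ent(&ent);
    return ok;
}

/* Unchecked decode: how many slots a loop driven by n_key_data would overrun
 * beyond what was actually populated (-1 if the message is rejected anyway). */
int count_mismatch(const uint8_t *buf, size_t len) {
    principal_ent_t ent;
    int diff;
    if (!decode_ent(buf, len, &ent, 0)) return -1;
    diff = ent.n_key_data - (int32_t)ent.key_data_len;
    free_ent(&ent);
    return diff;
}

int main(void) {
    printf("well-formed, checked:  accepted=%d\n", decode_status(WELL_FORMED, sizeof WELL_FORMED, 1));
    printf("mismatched, unchecked: accepted=%d, count overshoots populated slots by %d\n",
           decode_status(MISMATCHED, sizeof MISMATCHED, 0),
           count_mismatch(MISMATCHED, sizeof MISMATCHED));
    printf("mismatched, checked:   accepted=%d\n", decode_status(MISMATCHED, sizeof MISMATCHED, 1));
    return 0;
}
```

The unchecked decoder accepts MISMATCHED and leaves n_key_data two ahead of the populated count; any cleanup or iteration keyed on n_key_data would then read slots the array decoder never filled. The checked decoder rejects the message before allocating anything, which is the shape of fix a reviewer should look for when auditing RPC/XDR decoders that carry redundant counts.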


OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/899016

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/899016
Committed: https://opendev.org/starlingx/tools/commit/1d27ee4c43e60d1a0e3e6c62a6d57a1f9edb838a
Submitter: "Zuul (22348)"
Branch: master

commit 1d27ee4c43e60d1a0e3e6c62a6d57a1f9edb838a
Author: Haiqing Bai <email address hidden>
Date: Sun Oct 22 22:30:49 2023 -0700

    Debian: krb5: fix CVE-2023-36054

    Upgraded:
    krb5-multidev to krb5-multidev_1.18.3-6+deb11u4_amd64.deb
    libgssapi-krb5 to libgssapi-krb5-2_1.18.3-6+deb11u4_amd64.deb
    libgssrpc4 to libgssrpc4_1.18.3-6+deb11u4_amd64.deb
    libk5crypto3 to libk5crypto3_1.18.3-6+deb11u4_amd64.deb
    libkadm5clnt-mit12 to libkadm5clnt-mit12_1.18.3-6+deb11u4_amd64.deb
    libkadm5srv-mit12 to libkadm5srv-mit12_1.18.3-6+deb11u4_amd64.deb
    libkrb5-3 to libkrb5-3_1.18.3-6+deb11u4_amd64.deb
    libkrb5-dev to libkrb5-dev_1.18.3-6+deb11u4_amd64.deb
    libkrb5support0 to libkrb5support0_1.18.3-6+deb11u4_amd64.deb

    Refer to:
    https://security-tracker.debian.org/tracker/CVE-2023-36054

    Test Plan:
    Pass: downloader
    Pass: build-pkgs --clean --all
    Pass: build-image
    Pass: boot

    Closes-bug: #2038795

    Change-Id: I071000cd3e4ae53a928d37430c33210744697e50
    Signed-off-by: Haiqing Bai <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
assignee: nobody → hqbai (hbai)