| Errata ID | 381 |
|---|---|
| Date | 2018-05-08 |
| Source package | krb5 |
| Fixed in version | 1.12.1+dfsg-19+deb8u4 |
| Description | This update addresses the following issues: * The kdcpreauth modules in MIT Kerberos 5 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. (CVE-2015-2694) * The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. (CVE-2016-3119) * The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request. (CVE-2016-3120) * In MIT Kerberos 5 an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. (CVE-2017-11368) |
| Additional notes | |
| CVE ID | CVE-2015-2694 CVE-2016-3119 CVE-2016-3120 CVE-2017-11368 |
| UCS Bug number | #46136 |
