FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID / Description
11bbccbc-03ee-11e0-bcdb-001fc61c2a55
krb5 -- multiple checksum handling vulnerabilities

The MIT Kerberos team reports:

MIT krb5 clients incorrectly accept an unkeyed checksum in the SAM-2 preauthentication challenge.

An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. Under some circumstances, this can negate the incremental security benefit of using a single-use authentication mechanism token.

MIT krb5 incorrectly accepts RFC 3961 key-derivation checksums using RC4 keys when verifying KRB-SAFE messages.

An unauthenticated remote attacker has a 1/256 chance of forging KRB-SAFE messages in an application protocol if the targeted pre-existing session uses an RC4 session key. Few application protocols use KRB-SAFE messages.


Discovery 2010-11-30
Entry 2010-12-09
Affected: krb5 >= 1.3.0 and < 1.7.2; >= 1.8.0 and <= 1.8.3
Bugtraq ID 45118
CVE-2010-1323
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
http://osvdb.org/69610
e3f64457-cccd-11e2-af76-206a8a720317
krb5 -- UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443]

No advisory has been released yet.

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. [CVE-2002-2443].


Discovery 2013-05-10
Entry 2013-06-03
Affected: krb5 <= 1.11.2
CVE-2002-2443
http://web.mit.edu/kerberos/www/krb5-1.11/
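The ping-pong in CVE-2002-2443 arises because a UDP service that answers every datagram with an error can be pointed at another such service by spoofing the source address and port: each error reply is itself an invalid request to the other side, so the two servers answer each other indefinitely. The Python below is an added example, not code from MIT krb5 or the FreeBSD port. It parses the RFC 3244 kpasswd framing (16-bit message length, 16-bit protocol version, 16-bit AP-REQ length, then the AP-REQ and KRB-PRIV) and shows a handler that replies to anything beside one that silently drops datagrams failing those checks. AP-REQ verification and the real DER-encoded KRB-ERROR are not modelled, the packet contents are constructed, and the simulation feeds every reply straight back into the same handler, as if it had been spoofed from a second server's UDP port 464.

```python
"""kpasswd UDP framing checks: reply-to-everything vs drop-malformed."""
import struct

KPASSWD_PORT = 464
KPASSWD_VERSION = 0x0001        # RFC 3244 change-password request/reply
SETPW_VERSION = 0xFF80          # RFC 3244 set-password variant
HEADER = struct.Struct("!HHH")  # message length, protocol version, AP-REQ length

# RFC 3244 result codes used below.
KRB5_KPASSWD_MALFORMED = 1
KRB5_KPASSWD_AUTHERROR = 3


def build_message(version, ap_req, body):
    """Frame an AP-REQ plus body (KRB-PRIV or KRB-ERROR) with the RFC 3244 header."""
    total = HEADER.size + len(ap_req) + len(body)
    return HEADER.pack(total, version, len(ap_req)) + ap_req + body


def build_error_reply(code):
    """Constructed stand-in: a real server sends a DER-encoded KRB-ERROR here.
    Error replies carry no AP-REQ, so their AP-REQ length field is zero."""
    return build_message(KPASSWD_VERSION, b"", b"KRB-ERROR" + bytes([code]))


def parse_request(datagram):
    """Return (version, ap_req, priv); raise ValueError if the framing is not a request."""
    if len(datagram) < HEADER.size:
        raise ValueError("short packet")
    msg_len, version, ap_len = HEADER.unpack_from(datagram)
    if msg_len != len(datagram):
        raise ValueError("length field does not match datagram size")
    if version not in (KPASSWD_VERSION, SETPW_VERSION):
        raise ValueError("unknown protocol version")
    if ap_len == 0 or HEADER.size + ap_len >= msg_len:
        raise ValueError("AP-REQ length leaves no room for AP-REQ and KRB-PRIV")
    ap_req = datagram[HEADER.size:HEADER.size + ap_len]
    priv = datagram[HEADER.size + ap_len:]
    return version, ap_req, priv


def handle_vulnerable(datagram):
    """Answers every datagram, so a spoofed error reply earns another error reply."""
    try:
        parse_request(datagram)
    except ValueError:
        return build_error_reply(KRB5_KPASSWD_MALFORMED)
    # AP-REQ verification is not modelled; treat every framed request as failing auth.
    return build_error_reply(KRB5_KPASSWD_AUTHERROR)


def handle_hardened(datagram):
    """Only answers datagrams that could be a request; everything else is dropped."""
    try:
        parse_request(datagram)
    except ValueError:
        return None
    return build_error_reply(KRB5_KPASSWD_AUTHERROR)


def simulate_pingpong(handler, first_datagram, max_replies=50):
    """Count replies when every reply is bounced back as if spoofed from another
    kpasswd server on UDP port 464; a looping handler hits max_replies."""
    replies = 0
    datagram = first_datagram
    while datagram is not None and replies < max_replies:
        datagram = handler(datagram)
        if datagram is not None:
            replies += 1
    return replies


if __name__ == "__main__":
    junk = b"\x00\x01"
    req = build_message(KPASSWD_VERSION, b"AP-REQ", b"KRB-PRIV")
    print("vulnerable, junk:", simulate_pingpong(handle_vulnerable, junk))
    print("hardened, junk:  ", simulate_pingpong(handle_hardened, junk))
    print("hardened, framed:", simulate_pingpong(handle_hardened, req))
```

The hardened handler still sends one error for a well-framed but unauthenticated request, which is what a real client needs; it just never answers something that could not have come from a client, so a reply bounced back from another server dies on the first hop.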
0d57c1d9-03f4-11e0-bf50-001a926c7637
krb5 -- multiple checksum handling vulnerabilities

The MIT Kerberos team reports:

MIT krb5 incorrectly accepts an unkeyed checksum with DES session keys for version 2 (RFC 4121) of the GSS-API krb5 mechanism.

An unauthenticated remote attacker can forge GSS tokens that are intended to be integrity-protected but unencrypted, if the targeted pre-existing application session uses a DES session key.

MIT krb5 KDC incorrectly accepts RFC 3961 key-derivation checksums using RC4 keys when verifying the req-checksum in a KrbFastArmoredReq.

An unauthenticated remote attacker has a 1/256 chance of swapping a client-issued KrbFastReq into a different KDC-REQ, if the armor key is RC4. The consequences are believed to be minor.


Discovery 2010-11-30
Entry 2010-12-09
Affected: krb5 >= 1.7.0 and < 1.7.2; >= 1.8.0 and <= 1.8.3
Bugtraq ID 45116
CVE-2010-1324
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
http://osvdb.org/69609
1d193bba-03f6-11e0-bf50-001a926c7637
krb5 -- RFC 3961 key-derivation checksum handling vulnerability

The MIT Kerberos team reports:

MIT krb5 (releases incorrectly accepts RFC 3961 key-derivation checksums using RC4 keys when verifying AD-SIGNEDPATH and AD-KDC-ISSUED authorization data.

An authenticated remote attacker that controls a legitimate service principal has a 1/256 chance of forging the AD-SIGNEDPATH signature if the TGT key is RC4, allowing it to use self-generated "evidence" tickets for S4U2Proxy, instead of tickets obtained from the user or with S4U2Self. Configurations using RC4 for the TGT key are believed to be rare.

An authenticated remote attacker has a 1/256 chance of forging AD-KDC-ISSUED signatures on authdata elements in tickets having an RC4 service key, resulting in privilege escalation against a service that relies on these signatures. There are no known uses of the KDC-ISSUED authdata container at this time.


Discovery 2010-11-30
Entry 2010-12-09
Affected: krb5 >= 1.8.0 and <= 1.8.3
Bugtraq ID 45117
CVE-2010-4020
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
http://osvdb.org/69608
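The three MITKRB5-SA-2010-007 entries above (CVE-2010-1323, CVE-2010-1324 and CVE-2010-4020) share one root cause: a verifier that trusts the checksum type named in the message instead of requiring the keyed checksum bound to the session key's enctype. If an unkeyed type such as CRC32 is accepted, anyone can alter the data and recompute the checksum; if a keyed type from the wrong key family is accepted, the verification no longer proves what the protocol assumes. The following Python is an added illustration, not code from MIT krb5 or FreeBSD: a toy verifier in both forms. The checksum and enctype numbers are the RFC 3961/3962/4757 assignments and the rc4-hmac checksum follows RFC 4757 section 4, but the AES checksum is simplified (it HMACs with the session key directly instead of the RFC 3962 derived key), the key, key-usage number and messages are constructed, and the 1/256 RC4 key-derivation weakness from the advisory is not modelled; the hardened verifier simply refuses any checksum type that does not belong to the key's enctype.

```python
"""Toy Kerberos checksum verifier: accept-any-type (vulnerable) vs key-bound."""
import hashlib
import hmac
import zlib

# Checksum and enctype numbers from RFC 3961, RFC 3962 and RFC 4757.
CKSUMTYPE_CRC32 = 1                   # unkeyed
CKSUMTYPE_RSA_MD5 = 7                 # unkeyed
CKSUMTYPE_SHA1 = 14                   # unkeyed
CKSUMTYPE_HMAC_SHA1_96_AES128 = 15    # keyed, for aes128-cts-hmac-sha1-96
CKSUMTYPE_HMAC_SHA1_96_AES256 = 16    # keyed, for aes256-cts-hmac-sha1-96
CKSUMTYPE_HMAC_MD5_ARCFOUR = -138     # keyed, for rc4-hmac

ENCTYPE_AES128_CTS = 17
ENCTYPE_AES256_CTS = 18
ENCTYPE_ARCFOUR_HMAC = 23

# Which keyed checksum type belongs to which session-key enctype.
MANDATORY_CKSUM = {
    ENCTYPE_AES128_CTS: CKSUMTYPE_HMAC_SHA1_96_AES128,
    ENCTYPE_AES256_CTS: CKSUMTYPE_HMAC_SHA1_96_AES256,
    ENCTYPE_ARCFOUR_HMAC: CKSUMTYPE_HMAC_MD5_ARCFOUR,
}
KEYED_TYPES = set(MANDATORY_CKSUM.values())


def compute_checksum(cksumtype, key, usage, data):
    """Compute a checksum of the requested type; unkeyed types ignore the key."""
    if cksumtype == CKSUMTYPE_CRC32:
        return zlib.crc32(data).to_bytes(4, "little")
    if cksumtype == CKSUMTYPE_RSA_MD5:
        return hashlib.md5(data).digest()
    if cksumtype == CKSUMTYPE_SHA1:
        return hashlib.sha1(data).digest()
    if cksumtype in (CKSUMTYPE_HMAC_SHA1_96_AES128, CKSUMTYPE_HMAC_SHA1_96_AES256):
        # Simplification: RFC 3962 first derives Kc = DK(key, usage || 0x99);
        # using the session key directly is enough to show the type binding.
        return hmac.new(key, data, hashlib.sha1).digest()[:12]
    if cksumtype == CKSUMTYPE_HMAC_MD5_ARCFOUR:
        # RFC 4757 section 4: Ksign = HMAC-MD5(K, "signaturekey\0"),
        # checksum = HMAC-MD5(Ksign, MD5(usage_le32 || data)).
        ksign = hmac.new(key, b"signaturekey\x00", hashlib.md5).digest()
        tmp = hashlib.md5(usage.to_bytes(4, "little") + data).digest()
        return hmac.new(ksign, tmp, hashlib.md5).digest()
    raise ValueError(f"unsupported checksum type {cksumtype}")


def verify_vulnerable(key, enctype, usage, cksumtype, data, cksum):
    """Trusts the checksum type named in the message, even an unkeyed one."""
    expected = compute_checksum(cksumtype, key, usage, data)
    return hmac.compare_digest(expected, cksum)


def verify_hardened(key, enctype, usage, cksumtype, data, cksum):
    """Accepts only the keyed checksum type bound to the session key's enctype."""
    if cksumtype not in KEYED_TYPES:
        return False                       # unkeyed: anyone can compute it
    if cksumtype != MANDATORY_CKSUM.get(enctype):
        return False                       # keyed, but for a different key family
    expected = compute_checksum(cksumtype, key, usage, data)
    return hmac.compare_digest(expected, cksum)


def forge_unkeyed(tampered_data):
    """Attacker with no key: relabel the checksum as an unkeyed type and recompute."""
    return CKSUMTYPE_CRC32, compute_checksum(CKSUMTYPE_CRC32, b"", 0, tampered_data)


def demo():
    """Constructed scenario: RC4 session key protecting a SAM-2 style prompt."""
    key = bytes(range(16))              # constructed 128-bit rc4-hmac key
    enctype = ENCTYPE_ARCFOUR_HMAC
    usage = 7                           # constructed key-usage number
    original = b"Enter OTP token value: "
    cksumtype = MANDATORY_CKSUM[enctype]
    cksum = compute_checksum(cksumtype, key, usage, original)

    results = {}
    results["legit_vuln"] = verify_vulnerable(key, enctype, usage, cksumtype, original, cksum)
    results["legit_hard"] = verify_hardened(key, enctype, usage, cksumtype, original, cksum)

    # Attacker rewrites the prompt and swaps in an unkeyed checksum.
    tampered = b"Enter your password: "
    ftype, fcksum = forge_unkeyed(tampered)
    results["forged_vuln"] = verify_vulnerable(key, enctype, usage, ftype, tampered, fcksum)
    results["forged_hard"] = verify_hardened(key, enctype, usage, ftype, tampered, fcksum)

    # Keyed type of the wrong family: an AES checksum offered over an RC4 key.
    wrong_type = CKSUMTYPE_HMAC_SHA1_96_AES128
    wrong = compute_checksum(wrong_type, key, usage, original)
    results["wrongfamily_hard"] = verify_hardened(key, enctype, usage, wrong_type, original, wrong)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The message-level fix is the same one the advisory describes for each case: decide which checksum type is acceptable from the key you hold, never from the type number the peer wrote into the message.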
64f24a1e-66cf-11e0-9deb-f345f3aa24f0
krb5 -- MITKRB5-SA-2011-001, kpropd denial of service

An advisory published by the MIT Kerberos team says:

The MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause the termination of the listening process that spawned it, preventing the slave KDC it was running on from receiving database updates from the master KDC.

Exploit code is not known to exist, but the vulnerabilities are easy to trigger manually.

An unauthenticated remote attacker can cause kpropd running in standalone mode (the "-S" option) to terminate its listening process, preventing database propagations to the KDC host on which it was running. Configurations where kpropd runs in incremental propagation mode ("iprop") or as an inetd server are not affected.


Discovery 2011-02-08
Entry 2011-04-14
Affected: krb5 >= 1.7 and < 1.7.2; >= 1.8 and < 1.8.4; = 1.9
CVE-2010-4022
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt
4ab413ea-66ce-11e0-bf05-d445f3aa24f0
krb5 -- MITKRB5-SA-2011-002, KDC vulnerable to hang when using LDAP back end

An advisory published by the MIT Kerberos team says:

The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks from unauthenticated remote attackers. CVE-2011-0281 and CVE-2011-0282 occur only in KDCs using LDAP back ends, but CVE-2011-0283 occurs in all krb5-1.9 KDCs.

Exploit code is not known to exist, but the vulnerabilities are easy to trigger manually. The trigger for CVE-2011-0281 has already been disclosed publicly, but that fact might not be obvious to casual readers of the message in which it was disclosed. The triggers for CVE-2011-0282 and CVE-2011-0283 have not yet been disclosed publicly, but they are also trivial.

CVE-2011-0281: An unauthenticated remote attacker can cause a KDC configured with an LDAP back end to become completely unresponsive until restarted.

CVE-2011-0282: An unauthenticated remote attacker can cause a KDC configured with an LDAP back end to crash with a null pointer dereference.

CVE-2011-0283: An unauthenticated remote attacker can cause a krb5-1.9 KDC with any back end to crash with a null pointer dereference.


Discovery 2011-02-08
Entry 2011-04-14
Affected: krb5 >= 1.7 and < 1.7.2; >= 1.8 and <= 1.8.4; = 1.9
CVE-2011-0281
CVE-2011-0282
CVE-2011-0283
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt
7edac52a-66cd-11e0-9398-5d45f3aa24f0
krb5 -- MITKRB5-SA-2011-003, KDC vulnerable to double-free when PKINIT enabled

An advisory published by the MIT Kerberos team says:

The MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication (PKINIT) capability is enabled, resulting in daemon crash or arbitrary code execution (which is believed to be difficult).

An unauthenticated remote attacker can induce a double-free event, causing the KDC daemon to crash (denial of service), or to execute arbitrary code. Exploiting a double-free event to execute arbitrary code is believed to be difficult.


Discovery 2011-03-15
Entry 2011-04-14
Affected: krb5 >= 1.7 and < 1.7.2; >= 1.8 and < 1.8.4; = 1.9
CVE-2011-0284
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt
6a3c3e5c-66cb-11e0-a116-c535f3aa24f0
krb5 -- MITKRB5-SA-2011-004, kadmind invalid pointer free() [CVE-2011-0285]

An advisory published by the MIT Kerberos team says:

The password-changing capability of the MIT krb5 administration daemon (kadmind) has a bug that can cause it to attempt to free() an invalid pointer under certain error conditions. This can cause the daemon to crash or induce the execution of arbitrary code (which is believed to be difficult). No exploit that executes arbitrary code is known to exist, but it is easy to trigger a denial of service manually.

Some platforms detect attempted freeing of invalid pointers and protectively terminate the process, preventing arbitrary code execution on those platforms.


Discovery 2011-04-12
Entry 2011-04-14
Affected: krb5 >= 1.7 and < 1.7.2; >= 1.8 and < 1.8.4; = 1.9
CVE-2011-0285
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
3f3837cc-48fb-4414-aa46-5b1c23c9feae
krb5 -- Multiple vulnerabilities

MIT reports:

CVE-2017-11368:

In MIT krb5 1.7 and later, an authenticated attacker can cause an assertion failure in krb5kdc by sending an invalid S4U2Self or S4U2Proxy request.

CVE-2017-11462:

RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or subsequent call to gss_init_sec_context() or gss_accept_sec_context() if the call results in an error. This API behavior has been found to be dangerous, leading to the possibility of memory errors in some callers. For safety, GSS-API implementations should instead preserve existing security contexts on error until the caller deletes them.

All versions of MIT krb5 prior to this change may delete acceptor contexts on error. Versions 1.13.4 through 1.13.7, 1.14.1 through 1.14.5, and 1.15 through 1.15.1 may also delete initiator contexts on error.


Discovery 2017-07-14
Entry 2017-10-18
Affected: krb5 < 1.14.6; >= 1.15 and < 1.15.2
Affected: krb5-devel < 1.14.6; >= 1.15 and < 1.15.2
Affected: krb5-115 < 1.15.2
Affected: krb5-114 < 1.14.6
Affected: krb5-113 < 1.14.6
CVE-2017-11368
CVE-2017-11462
https://nvd.nist.gov/vuln/detail/CVE-2017-11368
https://krbdev.mit.edu/rt/Ticket/Display.html?id=8599
https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970
https://nvd.nist.gov/vuln/detail/CVE-2017-11462
https://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
406636fe-055d-11e5-aab1-d050996490d0
krb5 -- requires_preauth bypass in PKINIT-enabled KDC

MIT reports:

In MIT krb5 1.12 and later, when the KDC is configured with PKINIT support, an unauthenticated remote attacker can bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password.


Discovery 2015-05-25
Entry 2015-05-28
Affected: krb5 < 1.13.2
Affected: krb5-112 < 1.12.3_2
CVE-2015-2694
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8160
f54584bc-7d2b-11e2-9bd1-206a8a720317
krb5 -- null pointer dereference in the KDC PKINIT code [CVE-2013-1415]

No advisory has been released yet.

Fix a null pointer dereference in the KDC PKINIT code [CVE-2013-1415].


Discovery 2013-02-21
Entry 2013-02-22
Affected: krb5 <= 1.11
CVE-2013-1415
http://web.mit.edu/kerberos/www/krb5-1.11/
3a888a1e-b321-11e4-83b2-206a8a720317
krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092

The MIT Kerberos team reports:

CVE-2014-5353: The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

CVE-2014-5354: plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command.


Discovery 2015-02-12
Entry 2015-02-12
Modified 2015-02-13
Affected: krb5 < 1.13.1
Affected: krb5-112 < 1.12.2_2
Affected: krb5-111 < 1.11.5_5
CVE-2014-5353
CVE-2014-5354
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt
24ce5597-acab-11e4-a847-206a8a720317
krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092

The MIT Kerberos team reports:

CVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after gss_process_context_token() is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will result in use-after-free and double-free memory access violations. libgssrpc server applications such as kadmind are vulnerable as they can be instructed to call gss_process_context_token().

CVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR data from an authenticated user, it may perform use-after-free and double-free memory access violations while cleaning up the partial deserialization results. Other libgssrpc server applications may also be vulnerable if they contain insufficiently defensive XDR functions.

CVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepts authentications to two-component server principals whose first component is a left substring of "kadmin" or whose realm is a left prefix of the default realm.

CVE-2014-9423: libgssrpc applications including kadmind output four or eight bytes of uninitialized memory to the network as part of an unused "handle" field in replies to clients.


Discovery 2015-02-03
Entry 2015-02-04
Affected: krb5 < 1.13_1
Affected: krb5-112 < 1.12.2_1
Affected: krb5-111 < 1.11.5_4
CVE-2014-5352
CVE-2014-9421
CVE-2014-9422
CVE-2014-9423
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt
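CVE-2014-9422 in the entry above is a length-limited comparison bug: the server-principal check compares only as many characters as the presented component or realm contains, so any left substring of "kadmin" or of the default realm passes. The Python below is an added example, not kadmind's code. It reconstructs the shape of such a check from the advisory's description (a prefix comparison modelled on C strncmp with the length taken from the attacker-controlled string, which is an assumption about the bug's form) beside the full-equality check that closes it. The realm and principal names are constructed, and the second component of the server principal is deliberately left unconstrained in both versions.

```python
"""Server-principal check for a kadmin-style service: prefix bug vs full match."""

DEFAULT_REALM = "EXAMPLE.COM"   # constructed realm for the examples


def parse_principal(name):
    """Split 'comp1/comp2@REALM' into (components, realm)."""
    if "@" not in name:
        raise ValueError("principal lacks a realm")
    local, realm = name.rsplit("@", 1)
    return local.split("/"), realm


def strncmp_equal(actual, expected):
    """Models C strncmp(actual, expected, strlen(actual)) == 0: only len(actual)
    characters are compared, so any left substring of expected (even '') matches."""
    return expected[:len(actual)] == actual


def accepts_server_principal_vulnerable(name):
    """Assumed bug shape from the advisory: comparison length comes from the
    presented name, so 'ka/admin@EXAMPLE.COM' and 'kadmin/admin@EXAMPLE' pass."""
    comps, realm = parse_principal(name)
    if len(comps) != 2:
        return False
    return strncmp_equal(comps[0], "kadmin") and strncmp_equal(realm, DEFAULT_REALM)


def accepts_server_principal_hardened(name):
    """Full-string equality: first component and realm must match exactly."""
    comps, realm = parse_principal(name)
    return len(comps) == 2 and comps[0] == "kadmin" and realm == DEFAULT_REALM


def audit(names):
    """Return {name: (vulnerable_result, hardened_result)} for a list of principals."""
    return {n: (accepts_server_principal_vulnerable(n),
                accepts_server_principal_hardened(n)) for n in names}


if __name__ == "__main__":
    # Constructed test principals: one legitimate, the rest probing the prefix logic.
    for name, (vuln, hard) in audit([
        "kadmin/admin@EXAMPLE.COM",
        "ka/admin@EXAMPLE.COM",
        "kadmin/admin@EXAMPLE",
        "/admin@EXAMPLE.COM",
        "kadminx/admin@EXAMPLE.COM",
    ]).items():
        print(f"{name:32} vulnerable={vuln!s:5} hardened={hard}")
```

The empty-component case is the one most easily missed in review: strncmp with a length of zero compares nothing and reports equality, so a principal whose first component is empty satisfies the buggy check as readily as "ka" does.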