Advisories ยป MGASA-2017-0420

Updated krb5 packages fix security vulnerabilities

Publication date: 20 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-7562 , CVE-2017-11462 , CVE-2017-15088


An authentication bypass flaw was found in the way krb5's certauth
interface handled the validation of client certificates. A remote
attacker able to communicate with the KDC could potentially use this
flaw to impersonate arbitrary principals under rare and erroneous
circumstances (CVE-2017-7562).
Note that this issue only affects Mageia 6.

RFC 2744 permits a GSS-API implementation to delete an existing security
context on a second or subsequent call to gss_init_sec_context() or
gss_accept_sec_context() if the call results in an error.  This API
behavior has been found to be dangerous, leading to the possibility of
memory errors in some callers.  For safety, GSS-API implementations
should instead preserve existing security contexts on error until the
caller deletes them (CVE-2017-11462).

A buffer overflow vulnerability was found in get_matching_data()
function when both the CA cert and the user cert have a long subject
affecting krb5 that includes certauth plugin. Attack requires a
validated certificate with a long subject and issuer, and a
"pkinit_cert_match" string attribute on some principal in the database.
A remote code execution exploit might also require that the attacker
gets to choose the contents of the issuer in the validated cert