• 3 kerberos security issues

    From Alexander Bergmann@21:1/5 to All on Fri Mar 1 13:13:05 2024
    Hi everyone,

    We got notified via NVD about 3 new security issues. Right now there
    seems to be no upstream reference. Could someone please comment on this?

    CVE-2024-26458: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
    CVE-2024-26461: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
    CVE-2024-26462: Memory leak at /krb5/src/kdc/ndr.c

    References:
    https://nvd.nist.gov/vuln/detail/CVE-2024-26458
    https://nvd.nist.gov/vuln/detail/CVE-2024-26461
    https://nvd.nist.gov/vuln/detail/CVE-2024-26462



    Thanks,
    Alex~

    --
    Alexander Bergmann <abergmann@suse.com>
    Security Engineer, GPG: E30A 65A4 0F50 0066 B2B5 F614 DE54 E875 9FFA 4886
    SUSE Software Solutions Germany GmbH
    Frankenstr. 146, 90461 Nuernberg, Germany
    Managing Director/Geschäftsführer: Ivo Totev, Andrew McDonald, Werner Knoblich (HRB 36809, AG Nürnberg)


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Greg Hudson@21:1/5 to Alexander Bergmann on Fri Mar 1 15:38:04 2024
    To: kerberos@mit.edu

    On 3/1/24 07:13, Alexander Bergmann via Kerberos wrote:
    > We got notified via NVD about 3 new security issues. Right now there
    > seems to be no upstream reference. Could someone please comment on this?
    >
    > CVE-2024-26458: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
    > CVE-2024-26461: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
    > CVE-2024-26462: Memory leak at /krb5/src/kdc/ndr.c

    These CVEs appear to be the result of someone running a static analysis
    tool over the MIT krb5 code base and assigning CVEs to each resulting
    defect, without performing any additional impact analysis or upstream consultation.

    The pmap_rmt.c leak only affects pmap_rmtcall(), which is unused by the
    rest of the krb5 code base and likely unused by anyone else.

    The k5sealv3.c leak affects an encoding function, and happens on a
    bounds check which likely cannot be triggered with any choice of
    memory-valid API inputs. (The bounds check was itself introduced to
    quash a different static analysis defect.)

    The ndr.c leak also affects an encoding function, and triggers if the
    input contains invalid UTF-8. This one might be triggerable by a
    request (though it may require elevated privilege), but I would not have requested a CVE for it myself.

    I will fix these on the mainline, but I only expect to assign a ticket
    to the third one.
