diff options
Diffstat (limited to 'website/static/security/advisories/FreeBSD-SA-22:14.heimdal.asc')
| -rw-r--r-- | website/static/security/advisories/FreeBSD-SA-22:14.heimdal.asc | 195 |
1 files changed, 195 insertions, 0 deletions
diff --git a/website/static/security/advisories/FreeBSD-SA-22:14.heimdal.asc b/website/static/security/advisories/FreeBSD-SA-22:14.heimdal.asc new file mode 100644 index 0000000000..663a2236bf --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:14.heimdal.asc @@ -0,0 +1,195 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:14.heimdal Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities in Heimdal [REVISED] + +Category: contrib +Module: heimdal +Announced: 2022-11-15 +Revised: 2022-11-29 +Affects: All supported versions of FreeBSD. +Corrected: 2022-11-15 21:15:35 UTC (stable/13, 13.1-STABLE) + 2022-11-16 01:50:27 UTC (releng/13.1, 13.1-RELEASE-p4) + 2022-11-15 21:16:56 UTC (stable/12, 12.4-STABLE) + 2022-11-16 01:47:57 UTC (releng/12.4, 12.4-RC2-p1) + 2022-11-16 01:40:21 UTC (releng/12.3, 12.3-RELEASE-p9) +CVE Name: CVE-2019-14870, CVE-2022-3437, CVE-2022-42898, + CVE-2022-44640, CVE-2021-44758 + +0. Revision history + +v1.0 2022-11-15 Initial release. +v1.1 2022-11-29 Updated with reference to FreeBSD-EN-22:28.heimdal. + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +Heimdal implements the Kerberos 5 network authentication protocols. + +A Key Distribution Center (KDC) is trusted by all principals registered +in that administrative "realm" to store a secret key in confidence, of +which, the proof of knowledge is used to verify the authenticity of a +principal. + +II. Problem Description + +Multiple security vulnerabilities have been discovered in the Heimdal +implementation of the Kerberos 5 network authentication protocols and KDC. + +- - CVE-2022-42898 PAC parse integer overflows +- - CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour +- - CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors +- - CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec +- - CVE-2019-14870 Validate client attributes in protocol-transition +- - CVE-2019-14870 Apply forwardable policy in protocol-transition +- - CVE-2019-14870 Always lookup impersonate client in DB + +III. Impact + +A malicious actor with control of the network between a client and a service +using Kerberos for authentication can impersonate either the client or the +service, enabling a man-in-the-middle (MITM) attack circumventing mutual +authentication. + +Note that, while CVE-2022-44640 is a severe vulnerability, possibly enabling +remote code execution on other platforms, the version of Heimdal included with +the FreeBSD base system cannot be exploited in this way on FreeBSD. + +IV. Workaround + +No workaround is available, but only systems using Kerberos are affected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +A reboot is recommended. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +A reboot is recommended. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-22:14/heimdal.patch +# fetch https://security.FreeBSD.org/patches/SA-22:14/heimdal.patch.asc +# gpg --verify heimdal.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) The original revision of this advisory included a patch which renders the +KDC inoperative. This was corrected in FreeBSD-EN-22:28.heimdal. Systems +using the KDC must download and verify an additional patch: + +# fetch https://security.FreeBSD.org/patches/EN-22:28/heimdal.patch +# fetch https://security.FreeBSD.org/patches/EN-22:28/heimdal.patch.asc +# gpg --verify heimdal.patch.asc + +d) Apply the additional patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +e) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the Kerberos, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ d0b6550173d2 stable/13-n253097 +releng/13.1/ a1e014e89282 releng/13.1-n250170 +stable/12/ r372752 +releng/12.4/ r372755 +releng/12.3/ r372753 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://github.com/heimdal/heimdal/releases/tag/heimdal-7.8.0> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14870> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640> + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267827> +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:28.heimdal.asc> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:14.heimdal.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmOGlpAACgkQ05eS9J6n +5cJFGQ//TbsJox2faNwQaBoQy/gFSP6TgauZTZJR5A5Y6bRMcvkNJyl3KIM2XlWD +W+lJlxL7kERjv9zD6iI8rns4+FOO2p9f4ICZsWy88ABQrmpuz2N22MSd8NyXeRv0 +30HyftaUMZdAPHVk5Piu7l3U6S4tPiO1BZEoMucG8cby1eWlPMtuH3K/0/CLZmPc +F8U+oRDwB5KnZgP39JmvejvGoXik1lhCrvaLZ5fG1QEmyb1xtjHfT+QSkh9FWLxz +jrHfwgpZFERprpMzqZAicbinV/LjZMfEbckJygzGNzSTTPD+uqT/jDmY+iHnkdF1 +Lw9R8pJoJIpvckRrPLQIOZZuz/Xd4FRB7Gc/q4/x4HTP/8y/x1uKZmcbrh86W9xu +9jCLMgpqETEjHhqADX7Z4+7oxhCPmgSJP8dX5o0HvORs4bqqxbkLqkCsp8QXdcES +vftJGgpt1IPO8MBcr4pG6+cEcZQuk7qX0/D3PArxLkwU2coimP2MmjxyeWBX5GrI +zgdF2HiUYvuZXyt1FMgve+8JkS1RYEE+yPWeOJ5RnIuHnIaNTD81o1gIYuFL3ECb +UAREi6FYskzeJQ/W2ZRMwQPGMPDQI901+msfStjxgx92rKhxLW+rDsg0EUsApoOv +DzIaeCtOGCZMG/mLvVhOLYbqmFrHDbWy8cMoSti/lnx7OdLpnn4= +=L299 +-----END PGP SIGNATURE----- |