#20000 closed enhancement (fixed)
krb5-1.21.3 (mit kerberos)
Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
---|---|---|---|
Priority: | elevated | Milestone: | 12.2 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Change History (6)
comment:1 by , 9 months ago
comment:2 by , 9 months ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
follow-up: 5 comment:3 by , 9 months ago
Major changes in 1.21.3 (2024-06-26)
- Fix vulnerabilities in GSS message token handling [CVE-2024-37370, CVE-2024-37371].
- Fix a potential bad pointer free in krb5_cccol_have_contents().
- Fix a memory leak in the macOS ccache type.
CVE-2024-32370 Detail
An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.
CVE-2024-37671 Detail
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page parameter.
comment:4 by , 9 months ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed at commits:
- a9316ac749 Update to krb5-1.21.3 (Security Update).
- ca25155ef7 Update to xmlto-0.0.29.
- 341a3cf6a5 Update to btrfs-progs-v6.9.2.
- 6310855342 Update to kirigami-addons-1.3.0.
comment:5 by , 9 months ago
Priority: | normal → elevated |
---|
Replying to Bruce Dubbs:
> Major changes in 1.21.3 (2024-06-26)
> - Fix vulnerabilities in GSS message token handling [CVE-2024-37370, CVE-2024-37371].
> - Fix a potential bad pointer free in krb5_cccol_have_contents().
> - Fix a memory leak in the macOS ccache type.
>
> CVE-2024-32370 Detail
> An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.
>
> CVE-2024-37671 Detail
> Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page parameter.
The two vulnerabilities listed above aren't correct and have some numbers transposed. This can happen sometimes though because the top Google result for the vulnerability will be what it thinks is close enough if NVD isn't aware of it yet.
Here are the correct details:
CVE-2024-37370:
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
CVE-2024-37371:
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
Annoyingly the sed for removing test 12 is still needed for a clean test result.
I've reported it as https://krbdev.mit.edu/rt/Ticket/Display.html?id=9129.