Search for packages
| purl | pkg:deb/debian/heimdal@7.1.0%2Bdfsg-13%2Bdeb9u3 |
| Next non-vulnerable version | 7.7.0+dfsg-2+deb11u3 |
| Latest non-vulnerable version | 7.7.0+dfsg-2+deb11u3 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-19va-75wc-pbez
Aliases: CVE-2018-16860 |
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal. |
Affected by 8 other vulnerabilities. |
|
VCID-1m1v-z49r-8fh5
Aliases: CVE-2022-45142 |
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. |
Affected by 0 other vulnerabilities. |
|
VCID-7y76-qxnz-4baw
Aliases: CVE-2019-14870 |
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set. |
Affected by 0 other vulnerabilities. |
|
VCID-9qay-yajk-nkhe
Aliases: CVE-2019-12098 |
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. |
Affected by 8 other vulnerabilities. |
|
VCID-akd4-nhy8-6qc8
Aliases: CVE-2017-11103 |
Affected by 8 other vulnerabilities. |
|
|
VCID-e7vh-qkyd-eqbb
Aliases: CVE-2017-17439 |
Affected by 8 other vulnerabilities. |
|
|
VCID-kpgs-tn61-1kem
Aliases: CVE-2022-42898 |
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." |
Affected by 0 other vulnerabilities. |
|
VCID-mx2f-mju7-2kcj
Aliases: CVE-2022-3437 |
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. |
Affected by 0 other vulnerabilities. |
|
VCID-rvrn-64xr-4bbr
Aliases: CVE-2021-3671 |
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server. |
Affected by 0 other vulnerabilities. |
|
VCID-t38q-h456-r3af
Aliases: CVE-2022-44640 |
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). |
Affected by 0 other vulnerabilities. |
|
VCID-wpbb-uc5r-bud4
Aliases: CVE-2021-44758 |
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept. |
Affected by 0 other vulnerabilities. |
|
VCID-yxsg-qgfk-37hs
Aliases: CVE-2022-41916 |
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-19va-75wc-pbez | A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal. |
CVE-2018-16860
|
| VCID-5w2v-j5gy-87hx |
CVE-2017-6594
|
|
| VCID-9qay-yajk-nkhe | In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. |
CVE-2019-12098
|
| VCID-akd4-nhy8-6qc8 |
CVE-2017-11103
|
|
| VCID-e7vh-qkyd-eqbb |
CVE-2017-17439
|