Bugzilla – Bug 1214054
VUL-0: CVE-2023-36054: krb5: array count inconsistency in kadm5 RPC
Last modified: 2024-04-09 03:49:26 UTC
CVE-2023-36054 lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36054 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://krbdev.mit.edu/rt/Ticket/Display.html?id=9099
Affected: - SUSE:ALP:Source:Standard:1.0/krb5 - SUSE:SLE-12-SP2:Update/krb5 - SUSE:SLE-15-SP1:Update/krb5 - SUSE:SLE-15-SP3:Update/krb5 - SUSE:SLE-15-SP4:Update/krb5 - SUSE:SLE-15-SP5:Update/krb5 Fix already in Factory.
SUSE-SU-2023:3325-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1214054 CVE References: CVE-2023-36054 Sources used: openSUSE Leap 15.5 (src): krb5-1.20.1-150500.3.3.1, krb5-mini-1.20.1-150500.3.3.1 Basesystem Module 15-SP5 (src): krb5-1.20.1-150500.3.3.1 Server Applications Module 15-SP5 (src): krb5-1.20.1-150500.3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3363-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1214054 CVE References: CVE-2023-36054 Sources used: openSUSE Leap Micro 5.4 (src): krb5-1.19.2-150400.3.6.1 openSUSE Leap 15.4 (src): krb5-mini-1.19.2-150400.3.6.1, krb5-1.19.2-150400.3.6.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): krb5-1.19.2-150400.3.6.1 SUSE Linux Enterprise Micro 5.3 (src): krb5-1.19.2-150400.3.6.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): krb5-1.19.2-150400.3.6.1 SUSE Linux Enterprise Micro 5.4 (src): krb5-1.19.2-150400.3.6.1 Basesystem Module 15-SP4 (src): krb5-1.19.2-150400.3.6.1 Server Applications Module 15-SP4 (src): krb5-1.19.2-150400.3.6.1 openSUSE Leap Micro 5.3 (src): krb5-1.19.2-150400.3.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3365-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1214054 CVE References: CVE-2023-36054 Sources used: SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): krb5-1.19.2-150300.13.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): krb5-1.19.2-150300.13.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): krb5-1.19.2-150300.13.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): krb5-1.19.2-150300.13.1 SUSE Manager Proxy 4.2 (src): krb5-1.19.2-150300.13.1 SUSE Manager Retail Branch Server 4.2 (src): krb5-1.19.2-150300.13.1 SUSE Manager Server 4.2 (src): krb5-1.19.2-150300.13.1 SUSE Enterprise Storage 7.1 (src): krb5-1.19.2-150300.13.1 SUSE Linux Enterprise Micro 5.1 (src): krb5-1.19.2-150300.13.1 SUSE Linux Enterprise Micro 5.2 (src): krb5-1.19.2-150300.13.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): krb5-1.19.2-150300.13.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3398-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1214054 CVE References: CVE-2023-36054 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): krb5-1.12.5-40.52.1 SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): krb5-1.12.5-40.52.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): krb5-1.12.5-40.52.1 SUSE Linux Enterprise Server 12 SP5 (src): krb5-1.12.5-40.52.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): krb5-1.12.5-40.52.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3434-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1214054 CVE References: CVE-2023-36054 Sources used: SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): krb5-1.16.3-150100.3.30.1 SUSE CaaS Platform 4.0 (src): krb5-1.16.3-150100.3.30.1 SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): krb5-1.16.3-150100.3.30.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): krb5-1.16.3-150100.3.30.1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): krb5-1.16.3-150100.3.30.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): krb5-1.16.3-150100.3.30.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): krb5-1.16.3-150100.3.30.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Reassigned to security team to close it.
As indicated at https://bugzilla.suse.com/show_bug.cgi?id=1221579#c3, point 1, I think 11SP4 is affected, but I see in smash it's indicated as unsupported. Security team, shouldn't 11SP4 be tracked as Affected (as recently applied to https://smash.suse.de/issue/395561)?