安全公告详情

NS-SA-2023-0102

2023-07-13 18:35:27

简介

important: krb5/sssd security update

严重级别

important

主题

An update for krb5/sssd is now available for NewStart CGSL MAIN 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

krb5: Kerberos is a network authentication system. The krb5-pkinit package contains the PKINIT plugin, which allows clients to obtain initial credentials from a KDC using a private key and a certificate.
sssd: Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.


Security Fix(es):
krb5: A flaw was found in krb5. The Key Distribution Center (KDC) in MIT Kerberos 5 has a NULL pointer dereference via a FAST inner body that lacks a server field. An authenticated attacker could use this flaw to crash the Kerberos KDC server. The highest threat from this vulnerability is to system availability.(CVE-2021-37750)
krb5: A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash.(CVE-2022-42898)
krb5: bugfix
sssd: A vulnerability was found in SSSD, in the libsss_certmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT authentication request to the corresponding principal. The mapping filter is vulnerable to LDAP filter injection. The search result can be influenced by values in the certificate, which may be attacker controlled. In the most extreme case, an attacker could gain control of the admin account, leading to full domain takeover.(CVE-2022-4254)
sssd: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F50B4.

影响组件

  • krb5
  • sssd

影响产品

  • CGSL MAIN 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["krb5-pkinit-1.15.1-55.el7_9.cgslv5_4.0.2.gaf454ce.x86_64.rpm","libkadm5-1.15.1-55.el7_9.cgslv5_4.0.2.gaf454ce.x86_64.rpm","krb5-server-ldap-1.15.1-55.el7_9.cgslv5_4.0.2.gaf454ce.x86_64.rpm","krb5-devel-1.15.1-55.el7_9.cgslv5_4.0.2.gaf454ce.x86_64.rpm","krb5-server-1.15.1-55.el7_9.cgslv5_4.0.2.gaf454ce.x86_64.rpm","krb5-workstation-1.15.1-55.el7_9.cgslv5_4.0.2.gaf454ce.x86_64.rpm","krb5-libs-1.15.1-55.el7_9.cgslv5_4.0.2.gaf454ce.x86_64.rpm","krb5-debuginfo-1.15.1-55.el7_9.cgslv5_4.0.2.gaf454ce.x86_64.rpm"],"source":"krb5-1.15.1-55.el7_9.cgslv5_4.0.2.gaf454ce.src.rpm"},{"binary":["sssd-dbus-1.16.5-10.el7_9.15.x86_64.rpm","sssd-debuginfo-1.16.5-10.el7_9.15.x86_64.rpm","sssd-ipa-1.16.5-10.el7_9.15.x86_64.rpm","python-sssdconfig-1.16.5-10.el7_9.15.noarch.rpm","sssd-ldap-1.16.5-10.el7_9.15.x86_64.rpm","sssd-kcm-1.16.5-10.el7_9.15.x86_64.rpm","sssd-common-pac-1.16.5-10.el7_9.15.x86_64.rpm","libipa_hbac-devel-1.16.5-10.el7_9.15.x86_64.rpm","python-sss-1.16.5-10.el7_9.15.x86_64.rpm","libsss_simpleifp-1.16.5-10.el7_9.15.x86_64.rpm","sssd-tools-1.16.5-10.el7_9.15.x86_64.rpm","sssd-krb5-1.16.5-10.el7_9.15.x86_64.rpm","sssd-common-1.16.5-10.el7_9.15.x86_64.rpm","libsss_nss_idmap-devel-1.16.5-10.el7_9.15.x86_64.rpm","sssd-winbind-idmap-1.16.5-10.el7_9.15.x86_64.rpm","sssd-ad-1.16.5-10.el7_9.15.x86_64.rpm","python-sss-murmur-1.16.5-10.el7_9.15.x86_64.rpm","sssd-polkit-rules-1.16.5-10.el7_9.15.x86_64.rpm","sssd-libwbclient-devel-1.16.5-10.el7_9.15.x86_64.rpm","python-libipa_hbac-1.16.5-10.el7_9.15.x86_64.rpm","python-libsss_nss_idmap-1.16.5-10.el7_9.15.x86_64.rpm","sssd-libwbclient-1.16.5-10.el7_9.15.x86_64.rpm","libsss_idmap-1.16.5-10.el7_9.15.x86_64.rpm","libsss_nss_idmap-1.16.5-10.el7_9.15.x86_64.rpm","libsss_idmap-devel-1.16.5-10.el7_9.15.x86_64.rpm","sssd-1.16.5-10.el7_9.15.x86_64.rpm","libsss_sudo-1.16.5-10.el7_9.15.x86_64.rpm","libipa_hbac-1.16.5-10.el7_9.15.x86_64.rpm","sssd-proxy-1.16.5-10.el7_9.15.x86_64.rpm","sssd-client-1.16.5-10.el7_9.15.x86_64.rpm","libsss_certmap-1.16.5-10.el7_9.15.x86_64.rpm","sssd-krb5-common-1.16.5-10.el7_9.15.x86_64.rpm","libsss_simpleifp-devel-1.16.5-10.el7_9.15.x86_64.rpm","libsss_certmap-devel-1.16.5-10.el7_9.15.x86_64.rpm","libsss_autofs-1.16.5-10.el7_9.15.x86_64.rpm"],"source":"sssd-1.16.5-10.el7_9.15.src.rpm"}]}]}

CVE

参考