Lucene search
AmazonALAS-2023-1818HistoryAug 30, 2023 - 5:56 p.m.
Medium: krb5
2023-08-3017:56:00
alas.aws.amazon.com
10
mit kerberos 5
kadmind crash
uninitialized pointer
remote authenticated user
cve-2023-36054
0.003 Low
EPSS
Percentile
67.5%
Issue Overview:
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. (CVE-2023-36054)
Affected Packages:
krb5
Issue Correction:
Run yum update krb5 to update your system.
New Packages:
i686:
krb5-workstation-1.15.1-55.52.amzn1.i686
krb5-debuginfo-1.15.1-55.52.amzn1.i686
krb5-server-ldap-1.15.1-55.52.amzn1.i686
libkadm5-1.15.1-55.52.amzn1.i686
krb5-server-1.15.1-55.52.amzn1.i686
krb5-devel-1.15.1-55.52.amzn1.i686
krb5-libs-1.15.1-55.52.amzn1.i686
krb5-pkinit-openssl-1.15.1-55.52.amzn1.i686
src:
krb5-1.15.1-55.52.amzn1.src
x86_64:
krb5-server-1.15.1-55.52.amzn1.x86_64
krb5-debuginfo-1.15.1-55.52.amzn1.x86_64
krb5-pkinit-openssl-1.15.1-55.52.amzn1.x86_64
krb5-libs-1.15.1-55.52.amzn1.x86_64
krb5-devel-1.15.1-55.52.amzn1.x86_64
krb5-workstation-1.15.1-55.52.amzn1.x86_64
libkadm5-1.15.1-55.52.amzn1.x86_64
krb5-server-ldap-1.15.1-55.52.amzn1.x86_64
Additional References
Red Hat: CVE-2023-36054
Mitre: CVE-2023-36054
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | krb5-workstation | < 1.15.1-55.52.amzn1 | krb5-workstation-1.15.1-55.52.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | krb5-debuginfo | < 1.15.1-55.52.amzn1 | krb5-debuginfo-1.15.1-55.52.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | krb5-server-ldap | < 1.15.1-55.52.amzn1 | krb5-server-ldap-1.15.1-55.52.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | libkadm5 | < 1.15.1-55.52.amzn1 | libkadm5-1.15.1-55.52.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | krb5-server | < 1.15.1-55.52.amzn1 | krb5-server-1.15.1-55.52.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | krb5-devel | < 1.15.1-55.52.amzn1 | krb5-devel-1.15.1-55.52.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | krb5-libs | < 1.15.1-55.52.amzn1 | krb5-libs-1.15.1-55.52.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | krb5-pkinit-openssl | < 1.15.1-55.52.amzn1 | krb5-pkinit-openssl-1.15.1-55.52.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | krb5-server | < 1.15.1-55.52.amzn1 | krb5-server-1.15.1-55.52.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | krb5-debuginfo | < 1.15.1-55.52.amzn1 | krb5-debuginfo-1.15.1-55.52.amzn1.x86_64.rpm |
Related
nessus
nessus
SUSE SLES12 Security Update : krb5 (SUSE-SU-2023:3398-1)
2023-08-24 00:00:00
Debian DLA-3626-1 : krb5 - LTS security update
2023-10-23 00:00:00
SUSE SLES15 Security Update : krb5 (SUSE-SU-2023:3365-1)
2023-08-19 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2023-3131)
2023-11-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3434-1)
2023-08-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3398-1)
2023-08-24 00:00:00
debiancve
debiancve
CVE-2023-36054
2023-08-07 19:15:09
debian
debian
[SECURITY] [DLA 3626-1] krb5 security update
2023-10-22 20:50:42
cbl_mariner
cbl_mariner
CVE-2023-36054 affecting package krb5 for versions less than 1.19.4-2
2023-08-30 14:44:06
cve
cve
CVE-2023-36054
2023-08-07 19:15:09
osv
osv
krb5 vulnerability
2023-11-06 09:36:15
krb5 vulnerability
2023-11-01 11:26:31
krb5 - security update
2023-10-22 00:00:00
prion
prion
Design/Logic Flaw
2023-08-07 19:15:00
cloudfoundry
cloudfoundry
USN-6467-2: Kerberos vulnerability | Cloud Foundry
2023-11-09 00:00:00
amazon
amazon
Medium: krb5
2023-08-31 22:28:00
ibm
ibm
ubuntu
ubuntu
Kerberos vulnerability
2023-11-06 00:00:00
Kerberos vulnerability
2023-11-01 00:00:00
cvelist
cvelist
CVE-2023-36054
2023-08-07 00:00:00
redos
redos
ROS-20240405-04
2024-04-05 00:00:00
redhatcve
redhatcve
CVE-2023-36054
2023-08-22 17:50:19
veracode
veracode
Denial Of Service (DoS)
2023-08-11 04:04:24
ubuntucve
ubuntucve
CVE-2023-36054
2023-08-07 00:00:00
slackware
slackware
[slackware-security] krb5
2023-07-12 20:49:22
redhat
redhat
(RHSA-2023:6699) Moderate: krb5 security and bug fix update
2023-11-07 06:12:13
photon
photon
Moderate Photon OS Security Update - PHSA-2023-5.0-0062
2023-08-01 00:00:00
Moderate Photon OS Security Update - PHSA-2023-3.0-0624
2023-08-01 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0442
2023-08-01 00:00:00
oraclelinux
oraclelinux
krb5 security and bug fix update
2023-11-11 00:00:00
almalinux
almalinux
Moderate: krb5 security and bug fix update
2023-11-07 00:00:00
gentoo
gentoo
MIT krb5: Multiple Vulnerabilities
2024-05-05 00:00:00
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00