Debian libpam-krb5 buffer overflow fix for remote code execution
Reporter | Title | Published | Views | Family All 20 |
---|---|---|---|---|
Cvelist | CVE-2020-10595 | 31 Mar 2020 12:36 | – | cvelist |
Tenable Nessus | Ubuntu 16.04 LTS / 18.04 LTS : pam-krb5 vulnerability (USN-4314-1) | 2 Apr 2020 00:00 | – | nessus |
Tenable Nessus | Debian DSA-4648-1 : libpam-krb5 - security update | 2 Apr 2020 00:00 | – | nessus |
RedhatCVE | CVE-2020-10595 | 6 Apr 2020 14:05 | – | redhatcve |
OSV | libpam-krb5 - security update | 1 Apr 2020 00:00 | – | osv |
OSV | CVE-2020-10595 | 31 Mar 2020 13:15 | – | osv |
OSV | libpam-krb5 - security update | 31 Mar 2020 00:00 | – | osv |
ArchLinux | [ASA-202004-5] pam-krb5: arbitrary code execution | 1 Apr 2020 00:00 | – | archlinux |
NVD | CVE-2020-10595 | 31 Mar 2020 13:15 | – | nvd |
OpenVAS | Debian: Security Advisory (DLA-2166-1) | 2 Apr 2020 00:00 | – | openvas |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2166-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration block: when the script is loaded with `description` set it only
# declares plugin metadata and then exits, before any of the check logic below
# this block is reached.
if (description)
{
# Plugin identity and revision metadata.
script_id(135101);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/20");
# The single CVE this check is mapped to.
script_cve_id("CVE-2020-10595");
script_name(english:"Debian DLA-2166-1 : libpam-krb5 security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security update.");
# Advisory text carried over from DLA-2166-1. Key points for triage: the flaw
# is a single '\0' byte written past a buffer supplied by the Kerberos library,
# and the affected path is only taken when that library does supplemental
# prompting (PKINIT, or the non-standard no_prompt PAM option).
script_set_attribute(attribute:"description", value:
"The krb5 PAM module (pam_krb5.so) had a buffer overflow that might
have caused remote code execution in situations involving supplemental
prompting by a Kerberos library. It might have overflown a buffer
provided by the underlying Kerberos library by a single '\0' byte if
an attacker responded to a prompt with an answer of a carefully chosen
length. The effect may have ranged from heap corruption to stack
corruption depending on the structure of the underlying Kerberos
library, with unknown effects but possibly including code execution.
This code path had not been used for normal authentication, but only
when the Kerberos library did supplemental prompting, such as with
PKINIT or when using the non-standard no_prompt PAM configuration
option.
For Debian 8 'Jessie', this problem has been fixed in version
4.6-3+deb8u1. The fix was prepared by Mike Gabriel.
We recommend that you upgrade your libpam-krb5 packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.");
# Upstream references: the debian-lts-announce post and the jessie source
# package page.
script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2020/04/msg00000.html");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/jessie/libpam-krb5");
# Remediation text; the fixed version named in the description is 4.6-3+deb8u1.
script_set_attribute(attribute:"solution", value:
"Upgrade the affected libpam-heimdal, and libpam-krb5 packages.");
# Severity scoring, attributed to the CVE record by cvss_score_source below.
# Both base vectors describe a network-reachable, low-complexity issue needing
# no authentication or privileges; the temporal vectors record an unproven
# exploit (E:U) and an official fix (RL:OF / RL:O).
# NOTE(review): the description restricts exposure to the supplemental-prompting
# path, a precondition the base vectors do not express -- weigh actual PKINIT /
# no_prompt usage when prioritising a finding.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-10595");
# Exploit-maturity fields are static plugin metadata (last modified on the date
# set above); confirm against current intelligence rather than relying on them.
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# Disclosure, patch and plugin publication timeline.
script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/31");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");
# Declared as a "local" plugin; together with the KB keys required further down
# this means the check evaluates package data already gathered from the host.
script_set_attribute(attribute:"plugin_type", value:"local");
# Affected components: both binary packages, plus the Debian 8.0 platform.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-heimdal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-krb5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
# Scheduling metadata: category, family and copyright notice.
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
# ssh_get_info.nasl must run first; presumably it is what populates the Host/*
# KB keys required here -- confirm against that script.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
# Registration is complete; leave before the check logic.
exit(0);
}
include("audit.inc");
include("debian_package.inc");
# Pre-flight guards: each one hands off to audit() with the matching reason
# code unless local checks are enabled, the host was identified as Debian, and
# a dpkg package listing is present in the knowledge base.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release"))
  audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Count the packages that deb_check() flags against the fixed version for
# Debian 8.0. This is a package-version comparison only: nothing here inspects
# the PAM configuration, so a finding says the vulnerable build is installed,
# not that the supplemental-prompting path is actually in use on the host.
dla_hits = 0;
foreach dla_pkg (make_list("libpam-heimdal", "libpam-krb5"))
{
  if (deb_check(release:"8.0", prefix:dla_pkg, reference:"4.6-3+deb8u1"))
    dla_hits++;
}

# No flagged package: report the host as not affected. Otherwise raise the
# finding, attaching the package report when report verbosity is above zero.
if (!dla_hits)
  audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity > 0)
    security_hole(port:0, extra:deb_report_get());
  else
    security_hole(0);
  exit(0);
}