EulerOS 2.0 SP5 : krb5 (EulerOS-SA-2024-1145)

2024-02-0800:00:00

www.tenable.com

euleros

krb5

vulnerability

mit kerberos 5

remote user

crash

cve-2023-36054

kadmind

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%

JSON

According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because
_xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. (CVE-2023-36054)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(190288);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/08");

  script_cve_id("CVE-2023-36054");

  script_name(english:"EulerOS 2.0 SP5 : krb5 (EulerOS-SA-2024-1145)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the
following vulnerabilities :

  - lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an
    uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because
    _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array
    count. (CVE-2023-36054)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2024-1145
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d3bafc66");
  script_set_attribute(attribute:"solution", value:
"Update the affected krb5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-36054");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-pkinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-server-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libkadm5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "krb5-devel-1.15.1-34.h9.eulerosv2r7",
  "krb5-libs-1.15.1-34.h9.eulerosv2r7",
  "krb5-pkinit-1.15.1-34.h9.eulerosv2r7",
  "krb5-server-1.15.1-34.h9.eulerosv2r7",
  "krb5-server-ldap-1.15.1-34.h9.eulerosv2r7",
  "krb5-workstation-1.15.1-34.h9.eulerosv2r7",
  "libkadm5-1.15.1-34.h9.eulerosv2r7"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5");
}

VendorProductVersionCPE
huaweieuleroskrb5-develp-cpe:/a:huawei:euleros:krb5-devel
huaweieuleroskrb5-libsp-cpe:/a:huawei:euleros:krb5-libs
huaweieuleroskrb5-pkinitp-cpe:/a:huawei:euleros:krb5-pkinit
huaweieuleroskrb5-serverp-cpe:/a:huawei:euleros:krb5-server
huaweieuleroskrb5-server-ldapp-cpe:/a:huawei:euleros:krb5-server-ldap
huaweieuleroskrb5-workstationp-cpe:/a:huawei:euleros:krb5-workstation
huaweieuleroslibkadm5p-cpe:/a:huawei:euleros:libkadm5
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Vendor	Product	Version	CPE
huawei	euleros	krb5-devel	p-cpe:/a:huawei:euleros:krb5-devel
huawei	euleros	krb5-libs	p-cpe:/a:huawei:euleros:krb5-libs
huawei	euleros	krb5-pkinit	p-cpe:/a:huawei:euleros:krb5-pkinit
huawei	euleros	krb5-server	p-cpe:/a:huawei:euleros:krb5-server
huawei	euleros	krb5-server-ldap	p-cpe:/a:huawei:euleros:krb5-server-ldap
huawei	euleros	krb5-workstation	p-cpe:/a:huawei:euleros:krb5-workstation
huawei	euleros	libkadm5	p-cpe:/a:huawei:euleros:libkadm5
huawei	euleros	2.0	cpe:/o:huawei:euleros:2.0