SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Kerberos Vendors:   MIT
(Oracle Issues Fix for Oracle Linux) MIT Kerberos Lets Remote Authenticated Users Gain Elevated Privileges in Certain Cases
SecurityTracker Alert ID:  1042081
SecurityTracker URL:  http://securitytracker.com/id/1042081
CVE Reference:   CVE-2018-5729, CVE-2018-5730   (Links to External Site)
Date:  Nov 12 2018
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): krb5 1.6 and later
Description:   Two vulnerabilities were reported in MIT Kerberos. A remote authenticated user can gain elevated privileges in certain cases.

A remote authenticated user with permission to add principals to an LDAP Kerberos database can circumvent a DN container check by supply specially crafted data to the target database module [CVE-2018-5729].

Sharwan Ram and Pooja Anil reported this vulnerability.

A remote authenticated user with permission to add principals to an LDAP Kerberos database can supply specially crafted data containing both a "linkdn" and "containerdn" database argument to the target database module [CVE-2018-5730].

Impact:   A remote authenticated user can gain elevated privileges on the target system in certain cases.
Solution:   Oracle has issued a fix.

The Oracle Linux advisory is available at:

http://linux.oracle.com/errata/ELSA-2018-3071.html

Vendor URL:  linux.oracle.com/errata/ELSA-2018-3071.html (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Oracle)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Nov 12 2018 MIT Kerberos Lets Remote Authenticated Users Gain Elevated Privileges in Certain Cases



 Source Message Contents

Subject:  [El-errata] ELSA-2018-3071 Low: Oracle Linux 7 krb5 security, bug fix, and enhancement update

Oracle Linux Security Advisory ELSA-2018-3071

http://linux.oracle.com/errata/ELSA-2018-3071.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
krb5-devel-1.15.1-34.el7.i686.rpm
krb5-devel-1.15.1-34.el7.x86_64.rpm
krb5-libs-1.15.1-34.el7.i686.rpm
krb5-libs-1.15.1-34.el7.x86_64.rpm
krb5-pkinit-1.15.1-34.el7.x86_64.rpm
krb5-server-1.15.1-34.el7.x86_64.rpm
krb5-server-ldap-1.15.1-34.el7.x86_64.rpm
krb5-workstation-1.15.1-34.el7.x86_64.rpm
libkadm5-1.15.1-34.el7.i686.rpm
libkadm5-1.15.1-34.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/krb5-1.15.1-34.el7.src.rpm



Description of changes:

[1.15.1-34]
- In FIPS mode, add plaintext fallback for RC4 usages and taint
- Resolves: #1570600

[1.15.1-33]
- Use SHA-256 instead of MD5 for audit ticket IDs
- Resolves: #1570600

[1.15.1-32]
- Include preauth name in trace output if possible
- Update cert generation scripts to work on modern openssl
- Fix per-request preauth scoping
- Add test case for PKINIT DH renegotiation
- Echo KDC cookies in preauth tryagain
- Fall back to other preauth mechanisms after failures
- Resolves: #1540130

[1.15.1-31]
- Add German translation
- Resolves: #1497301

[1.15.1-30]
- Add default pkinit_anchors value to krb5.conf
- Resolves: #1508081

[1.15.1-29]
- Process profile includedir in sorted order
- Also, ignore dotfiles in included directories
- Resolves: #1539824

[1.15.1-28]
- Exit with status 0 from kadmind
- Resolves: #1373909

[1.15.1-27]
- Continue after KRB5_CC_END in KCM cache iteration
- Resolves: #1563166

[1.15.1-26]
- Merge duplicate subsections in profile library
- Resolves: #1519625

[1.15.1-25]
- Fix service dependencies on network state
- Resolves: #1525232

[1.15.1-24]
- Explicitly use openssl rather than builtin crypto
- Resolves: #1570600

[1.15.1-23]
- Fix flaws in LDAP DN checking (CVE-2018-5729, CVE-2018-5730)
- Resolves: #1562684
- Resolves: #1562679

[1.15.1-22]
- Fix segfault in finish_dispatch()
- Resolves: #1568970

[1.15.1-21]
- Unparse SANs with NO_REALM
- Resolves: #1482457

[1.15.1-20]
- Fix hex conversion of PKINIT certid strings
- Resolves: #1538491


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC