{"id":"MGASA-2017-0420","summary":"Updated krb5 packages fix security vulnerabilities","details":"An authentication bypass flaw was found in the way krb5's certauth\ninterface handled the validation of client certificates. A remote\nattacker able to communicate with the KDC could potentially use this\nflaw to impersonate arbitrary principals under rare and erroneous\ncircumstances (CVE-2017-7562).\nNote that this issue only affects Mageia 6.\n\nRFC 2744 permits a GSS-API implementation to delete an existing security\ncontext on a second or subsequent call to gss_init_sec_context() or\ngss_accept_sec_context() if the call results in an error.  This API\nbehavior has been found to be dangerous, leading to the possibility of\nmemory errors in some callers.  For safety, GSS-API implementations\nshould instead preserve existing security contexts on error until the\ncaller deletes them (CVE-2017-11462).\n\nA buffer overflow vulnerability was found in get_matching_data()\nfunction when both the CA cert and the user cert have a long subject\naffecting krb5 that includes certauth plugin. Attack requires a\nvalidated certificate with a long subject and issuer, and a\n\"pkinit_cert_match\" string attribute on some principal in the database.\nA remote code execution exploit might also require that the attacker\ngets to choose the contents of the issuer in the validated cert\n(CVE-2017-15088).\n","modified":"2026-04-16T06:23:47.043309473Z","published":"2017-11-20T21:18:02Z","upstream":["CVE-2017-11462","CVE-2017-15088","CVE-2017-7562"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0420.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21628"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2XIPFDWKYB3HQKSWLVJ6AAPFEG6BEPE3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2017-11/msg00039.html"}],"affected":[{"package":{"name":"krb5","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/krb5?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.5-1.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0420.json"}},{"package":{"name":"krb5","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/krb5?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.15.1-2.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0420.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}