CVE-2023-39975

Опубликовано: 16 авг. 2023

Источник: redhat

CVSS3: 8.8

Описание

kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.

A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.

Отчет

This vulnerability is rated as an Important because a double-free vulnerability was found in krb5 KDC within the TGS processing logic. The flaw is triggered when an authenticated attacker sends a TGS renew or validate request that induces a failure in authorization data handling. This action causes the same memory pointer to be freed twice, leading to a crash, successful exploitation could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	krb5	Not affected
Red Hat Enterprise Linux 7	krb5	Not affected
Red Hat Enterprise Linux 8	krb5	Not affected
Red Hat Enterprise Linux 9	krb5	Fixed	RHSA-2023:6699	07.11.2023
Red Hat Enterprise Linux 9	krb5	Fixed	RHSA-2023:6699	07.11.2023