Login
Newsletter
Werbung
Sicherheit: Mangelnde Rechteprüfung in Kerberos
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in Kerberos
ID: USN-7257-1
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10
Datum: Do, 6. Februar 2025, 16:05
Referenzen: https://www.cve.org/CVERecord?id=CVE-2024-3596
Applikationen: MIT Kerberos

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============4362716865729698810==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------EiqcON2iluhN3Pnw8zK5LszR"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------EiqcON2iluhN3Pnw8zK5LszR
Content-Type: multipart/mixed;
 boundary="------------Jz8SB4XiSjiTnVaRsXHlfZmw";
 protected-headers="v1"
From: Nico Campuzano <nicolas.campuzano@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <ec8c8917-70d5-488b-966c-c6a63e24a040@canonical.com>
Subject: [USN-7257-1] Kerberos vulnerability

--------------Jz8SB4XiSjiTnVaRsXHlfZmw
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-7257-1
February 05, 2025

krb5 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

A system authentication measure could be bypassed.

Software Description:
- krb5: MIT Kerberos Network Authentication Protocol

Details:

Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc
Stevens, and Adam Suhl discovered that Kerberos incorrectly authenticated
certain responses. An attacker able to intercept communications between a
RADIUS client and server could possibly use this issue to forge responses,
bypass authentication, and access network devices and services.

This update introduces support for the Message-Authenticator attribute in
non-EAP authentication methods for communications between Kerberos and a
RADIUS server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   libk5crypto3                    1.21.3-3ubuntu0.1
   libkrad0                        1.21.3-3ubuntu0.1

Ubuntu 24.04 LTS
   libk5crypto3                    1.20.1-6ubuntu2.3
   libkrad0                        1.20.1-6ubuntu2.3

Ubuntu 22.04 LTS
   libk5crypto3                    1.19.2-2ubuntu0.5
   libkrad0                        1.19.2-2ubuntu0.5

Ubuntu 20.04 LTS
   libk5crypto3                    1.17-6ubuntu4.8
   libkrad0                        1.17-6ubuntu4.8

Ubuntu 18.04 LTS
   libk5crypto3                    1.16-2ubuntu0.4+esm3
                                   Available with Ubuntu Pro
   libkrad0                        1.16-2ubuntu0.4+esm3
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   libk5crypto3                    1.13.2+dfsg-5ubuntu2.2+esm6
                                   Available with Ubuntu Pro
   libkrad0                        1.13.2+dfsg-5ubuntu2.2+esm6
                                   Available with Ubuntu Pro

Ubuntu 14.04 LTS
   libk5crypto3                    1.12+dfsg-2ubuntu5.4+esm6
                                   Available with Ubuntu Pro
   libkrad0                        1.12+dfsg-2ubuntu5.4+esm6
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7257-1
   CVE-2024-3596

Package Information:
   https://launchpad.net/ubuntu/+source/krb5/1.21.3-3ubuntu0.1
   https://launchpad.net/ubuntu/+source/krb5/1.20.1-6ubuntu2.3
   https://launchpad.net/ubuntu/+source/krb5/1.19.2-2ubuntu0.5
   https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.8

--------------Jz8SB4XiSjiTnVaRsXHlfZmw--

--------------EiqcON2iluhN3Pnw8zK5LszR
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEKl1CaPno2Qy4/AU8lFzKVeTWQe4FAmei9lcFAwAAAAAACgkQlFzKVeTWQe5f
VRAAoGLKEVOQjHNxQ5s0R5FMqVBiVk7CfMKq7sE5FDhCwRW3qnFBwbRunL78DtShIDYtmu9plriU
kvLE0P6nSygxediPin5G3rnsSlKiJ3ywY5yZgojcVI7dMuVvxohRxd7RBYuOlsqQOU7DVdIaJqsO
Sk05RlKsXZUr/D9ZSI6Nwb2kCInHFZu3S54hY+V5tWOTmtJlIMIcZFGrbgs6oPQNE3DmT8Qs0Mz/
0f1y9CE5KwkVOJC7mTGuwICOK9rj7vkm5M/by/gtt5OsxyZOaWauiXFq0LEiFcCSQ0PZbxutGgC0
EHk+HrnSudPOqhAWBCQJeqbSnAY4RTtW58QxL0XvGYKRqFWuXiDhJ2cKyZJJZdiNycZ0N39upTpr
NJBz14UDWseoLJBJn3tAZrikPtNjZ1qwYKobroIgDniDj/unaER1GQUSYPQuycP3VhmpVoCvA7iH
BKhT/nHFL1jVeTwWYxaIm15TO6oP7bGo4JmzGBjhIBKfIV0Sxo6nS6UurZ/P34uGDXVNQHVTTu5C
N+xZAMn6fNdZbMH9LjgDGFSj5Z/cFcmF1zUjXsgBLCq0pI9tFpCfcpYunXgKdG3jhbYTRSuktIFs
Vm5wkE4awaURk9hDk9VHL8lMvHLvlrwyRQIbaB+O6ai7orXScRekh9bCy1PNoBm0X8QYRHpSCXcU
RN0=
=Bswa
-----END PGP SIGNATURE-----

--------------EiqcON2iluhN3Pnw8zK5LszR--


--===============4362716865729698810==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============4362716865729698810==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung