Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2022-41916
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
0.22%
(0.41673)
Summary
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:56:38.394Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx", }, { name: "DSA-5287", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5287", }, { name: "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230216-0008/", }, { name: "GLSA-202310-06", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202310-06", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "heimdal", vendor: "heimdal", versions: [ { status: "affected", version: "< 7.7.1", }, ], }, ], descriptions: [ { lang: "en", value: "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-193", description: "CWE-193: Off-by-one Error", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-08T08:06:36.676150", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx", }, { name: "DSA-5287", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5287", }, { name: "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html", }, { url: "https://security.netapp.com/advisory/ntap-20230216-0008/", }, { name: "GLSA-202310-06", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202310-06", }, ], source: { advisory: "GHSA-mgqr-gvh6-23cx", discovery: "UNKNOWN", }, title: "Read one byte past a buffer when normalizing Unicode", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-41916", datePublished: "2022-11-15T00:00:00", dateReserved: "2022-09-30T00:00:00", dateUpdated: "2024-08-03T12:56:38.394Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.7.1\", \"matchCriteriaId\": \"537FE65E-6E3F-4441-8B35-7B48214EA04D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.\"}, {\"lang\": \"es\", \"value\": \"Heimdal es una implementaci\\u00f3n de ASN.1/DER, PKIX y Kerberos. Las versiones anteriores a la 7.7.1 son vulnerables a una vulnerabilidad de denegaci\\u00f3n de servicio en la biblioteca de validaci\\u00f3n de certificados PKI de Heimdal, lo que afecta a KDC (a trav\\u00e9s de PKINIT) y kinit (a trav\\u00e9s de PKINIT), as\\u00ed como a cualquier aplicaci\\u00f3n de terceros que utilice libhx509 de Heimdal. Los usuarios deben actualizar a Heimdal 7.7.1 o 7.8. No se conocen workarounds para este problema.\"}]", id: "CVE-2022-41916", lastModified: "2024-11-21T07:24:03.720", metrics: "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}", published: "2022-11-15T23:15:27.197", references: "[{\"url\": \"https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202310-06\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230216-0008/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5287\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202310-06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230216-0008/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5287\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]", sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-193\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-193\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2022-41916\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-11-15T23:15:27.197\",\"lastModified\":\"2024-11-21T07:24:03.720\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.\"},{\"lang\":\"es\",\"value\":\"Heimdal es una implementación de ASN.1/DER, PKIX y Kerberos. Las versiones anteriores a la 7.7.1 son vulnerables a una vulnerabilidad de denegación de servicio en la biblioteca de validación de certificados PKI de Heimdal, lo que afecta a KDC (a través de PKINIT) y kinit (a través de PKINIT), así como a cualquier aplicación de terceros que utilice libhx509 de Heimdal. Los usuarios deben actualizar a Heimdal 7.7.1 o 7.8. No se conocen workarounds para este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-193\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-193\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.7.1\",\"matchCriteriaId\":\"537FE65E-6E3F-4441-8B35-7B48214EA04D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202310-06\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230216-0008/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5287\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202310-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230216-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5287\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}", }, }
wid-sec-w-2022-2372
Vulnerability from csaf_certbund
Published
2022-12-19 23:00
Modified
2023-01-19 23:00
Summary
genua genugate: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die genugate ist ein mehrstufiges Firewallprodukt des Herstellers genua GmbH.
Angriff
Ein entfernter, anonymer Angreifer kann einige der mehreren Schwachstellen in Komponenten von Drittanbietern ausnutzen, die von genua genugate verwendet werden, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Die genugate ist ein mehrstufiges Firewallprodukt des Herstellers genua GmbH.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann einige der mehreren Schwachstellen in Komponenten von Drittanbietern ausnutzen, die von genua genugate verwendet werden, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-2372 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2372.json", }, { category: "self", summary: "WID-SEC-2022-2372 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2372", }, { category: "external", summary: "Genua Patch vom 2022-12-19", url: "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-105p1-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0&tx_genusupport_content%5BsearchTerm%5D=&tx_genusupport_content%5BforcePath%5D=&tx_genusupport_content%5Baction%5D=genuSupportSearch&tx_genusupport_content%5Bcontroller%5D=Content&cHash=37a9613baf9adebc3e20772aaa249fc3", }, { category: "external", summary: "Genua Patch vom 2022-12-19", url: "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-104p2-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0&tx_genusupport_content%5BsearchTerm%5D=&tx_genusupport_content%5BforcePath%5D=&tx_genusupport_content%5Baction%5D=genuSupportSearch&tx_genusupport_content%5Bcontroller%5D=Content&cHash=9cc97408444883591a94c7b03271ff7b", }, { category: "external", summary: "Genua Patch vom 2022-12-19", url: "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-100p12-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0&tx_genusupport_content%5BsearchTerm%5D=&tx_genusupport_content%5BforcePath%5D=&tx_genusupport_content%5Baction%5D=genuSupportSearch&tx_genusupport_content%5Bcontroller%5D=Content&cHash=ef1c457a05f6f4465cc46f9369fe23d5", }, ], source_lang: "en-US", title: "genua genugate: Mehrere Schwachstellen", tracking: { current_release_date: "2023-01-19T23:00:00.000+00:00", generator: { date: "2024-08-15T17:40:14.418+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-2372", initial_release_date: "2022-12-19T23:00:00.000+00:00", revision_history: [ { date: "2022-12-19T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-01-19T23:00:00.000+00:00", number: "2", summary: "CVE Nummern ergänzt; Hinweis: nicht alle CVE bei genugate ausnutzbar", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "genua genugate < 10.0p12", product: { name: "genua genugate < 10.0p12", product_id: "T025654", product_identification_helper: { cpe: "cpe:/h:genua:genugate:10.0p12", }, }, }, { category: "product_name", name: "genua genugate < 10.4p2", product: { name: "genua genugate < 10.4p2", product_id: "T025655", product_identification_helper: { cpe: "cpe:/h:genua:genugate:10.4p2", }, }, }, { category: "product_name", name: "genua genugate < 10.5p1", product: { name: "genua genugate < 10.5p1", product_id: "T025656", product_identification_helper: { cpe: "cpe:/h:genua:genugate:10.5p1", }, }, }, ], category: "product_name", name: "genugate", }, ], category: "vendor", name: "genua", }, ], }, vulnerabilities: [ { cve: "CVE-2022-44640", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-44640", }, { cve: "CVE-2022-44638", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-44638", }, { cve: "CVE-2022-43680", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-43680", }, { cve: "CVE-2022-42916", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-42916", }, { cve: "CVE-2022-42915", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-42915", }, { cve: "CVE-2022-42898", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-42898", }, { cve: "CVE-2022-41916", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-41916", }, { cve: "CVE-2022-40674", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-40674", }, { cve: "CVE-2022-40304", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-40304", }, { cve: "CVE-2022-40303", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-40303", }, { cve: "CVE-2022-35260", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-35260", }, { cve: "CVE-2022-35252", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-35252", }, { cve: "CVE-2022-3437", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-3437", }, { cve: "CVE-2022-32221", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-32221", }, { cve: "CVE-2021-44758", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2021-44758", }, { cve: "CVE-2021-3671", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2021-3671", }, ], }
WID-SEC-W-2022-2057
Vulnerability from csaf_certbund
Published
2022-11-15 23:00
Modified
2024-10-27 23:00
Summary
Heimdal: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Heimdal ist eine Kerberos 5 Implementierung.
Kerberos ist ein verteilter Netzwerkdienst zur Authentifizierung. MIT Kerberos ist die freie Implementierung des "Kerberos network authentication protocol", des Massachusetts Institute of Technology (MIT).
Samba ist eine Open Source Software Suite, die Druck- und Dateidienste für SMB/CIFS Clients implementiert.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Heimdal, Samba, MIT Kerberos und FreeBSD Project FreeBSD OS ausnutzen, um einen Denial of Service Angriff durchzuführen, und um beliebigen Code auszuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Heimdal ist eine Kerberos 5 Implementierung.\r\nKerberos ist ein verteilter Netzwerkdienst zur Authentifizierung. MIT Kerberos ist die freie Implementierung des \"Kerberos network authentication protocol\", des Massachusetts Institute of Technology (MIT).\r\nSamba ist eine Open Source Software Suite, die Druck- und Dateidienste für SMB/CIFS Clients implementiert.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Heimdal, Samba, MIT Kerberos und FreeBSD Project FreeBSD OS ausnutzen, um einen Denial of Service Angriff durchzuführen, und um beliebigen Code auszuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-2057 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2057.json", }, { category: "self", summary: "WID-SEC-2022-2057 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2057", }, { category: "external", summary: "FreeBSD Security Advisory FREEBSD-SA-22:14.HEIMDAL vom 2022-11-15", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-22:14.heimdal.asc", }, { category: "external", summary: "Heimdal 7.7.1 - Security Fix Release vom 2022-11-15", url: "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.7.1", }, { category: "external", summary: "Heimdal 7.8 - Security Fix Release vom 2022-11-15", url: "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.8.0", }, { category: "external", summary: "MIT krb5 Security Advisory 2022-001 vom 2022-11-15", url: "https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2022-001.txt", }, { category: "external", summary: "Samba Security Announcement CVE-2022-42898 vom 2022-11-15", url: "https://www.samba.org/samba/security/CVE-2022-42898.html", }, { category: "external", summary: "Synology Security Advisory SYNOLOGY-SA-22:22 vom 2022-11-19", url: "https://www.synology.com/en-global/support/security/Synology_SA_22_22", }, { category: "external", summary: "Debian Security Advisory DSA-5286 vom 2022-11-19", url: "https://lists.debian.org/debian-security-announce/2022/msg00257.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4155-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013049.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4153-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013050.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4154-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013053.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4167-1 vom 2022-11-22", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013065.html", }, { category: "external", summary: "Debian Security Advisory DSA-5287 vom 2022-11-22", url: "https://lists.debian.org/debian-security-announce/2022/msg00258.html", }, { category: "external", summary: "Debian Security Advisory DLA-3206 vom 2022-11-26", url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2022-8637 vom 2022-11-29", url: "https://linux.oracle.com/errata/ELSA-2022-8637.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8638 vom 2022-11-28", url: "https://access.redhat.com/errata/RHSA-2022:8638", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8648 vom 2022-11-28", url: "https://access.redhat.com/errata/RHSA-2022:8648", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8637 vom 2022-11-28", url: "https://access.redhat.com/errata/RHSA-2022:8637", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8639 vom 2022-11-28", url: "https://access.redhat.com/errata/RHSA-2022:8639", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8640 vom 2022-11-28", url: "https://access.redhat.com/errata/RHSA-2022:8640", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8641 vom 2022-11-28", url: "https://access.redhat.com/errata/RHSA-2022:8641", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2022-8640 vom 2022-11-29", url: "https://linux.oracle.com/errata/ELSA-2022-8640.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2022-8638 vom 2022-11-29", url: "http://linux.oracle.com/errata/ELSA-2022-8638.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8662 vom 2022-11-29", url: "https://access.redhat.com/errata/RHSA-2022:8662", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8669 vom 2022-11-29", url: "https://access.redhat.com/errata/RHSA-2022:8669", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8663 vom 2022-11-29", url: "https://access.redhat.com/errata/RHSA-2022:8663", }, { category: "external", summary: "Debian Security Advisory DLA-3213 vom 2022-11-29", url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00041.html", }, { category: "external", summary: "CentOS Security Advisory CESA-2022:8640 vom 2022-12-01", url: "https://lists.centos.org/pipermail/centos-announce/2022-November/073665.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2022-311128DD7E vom 2022-12-01", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2022-311128dd7e", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8827 vom 2022-12-06", url: "https://access.redhat.com/errata/RHSA-2022:8827", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4335-1 vom 2022-12-06", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013194.html", }, { category: "external", summary: "Ubuntu Security Notice USN-5766-1 vom 2022-12-08", url: "https://ubuntu.com/security/notices/USN-5766-1", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4395-1 vom 2022-12-09", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013212.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:9029 vom 2022-12-14", url: "https://access.redhat.com/errata/RHSA-2022:9029", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8893 vom 2022-12-15", url: "https://access.redhat.com/errata/RHSA-2022:8893", }, { category: "external", summary: "Samba Release Notes", url: "https://www.samba.org/samba/history/samba-4.17.4.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0081-1 vom 2023-01-12", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013465.html", }, { category: "external", summary: "Ubuntu Security Notice USN-5800-1 vom 2023-01-12", url: "https://ubuntu.com/security/notices/USN-5800-1", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-1915 vom 2023-01-23", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-1915.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-1667 vom 2023-01-24", url: "https://alas.aws.amazon.com/ALAS-2023-1667.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-271 vom 2023-01-25", url: "https://alas.aws.amazon.com/AL2022/ALAS-2023-271.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-272 vom 2023-01-25", url: "https://alas.aws.amazon.com/AL2022/ALAS-2023-272.html", }, { category: "external", summary: "Ubuntu Security Notice USN-5828-1 vom 2023-01-25", url: "https://ubuntu.com/security/notices/USN-5828-1", }, { category: "external", summary: "Ubuntu Security Notice USN-5822-2 vom 2023-01-27", url: "https://ubuntu.com/security/notices/USN-5822-2", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0160-1 vom 2023-01-26", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013535.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0198-1 vom 2023-01-27", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013559.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-1680 vom 2023-02-06", url: "https://alas.aws.amazon.com/ALAS-2023-1680.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-12104 vom 2023-02-08", url: "https://linux.oracle.com/errata/ELSA-2023-12104.html", }, { category: "external", summary: "Ubuntu Security Notice USN-5936-1 vom 2023-03-08", url: "https://ubuntu.com/security/notices/USN-5936-1", }, { category: "external", summary: "QNAP Security Advisory QSA-23-03 vom 2023-03-29", url: "https://www.qnap.com/de-de/security-advisory/QSA-23-03", }, { category: "external", summary: "QNAP Security Advisory QSA-23-03 vom 2023-03-29", url: "https://www.qnap.com/go/security-advisory/qsa-23-03", }, { category: "external", summary: "IBM Security Bulletin 6967016 vom 2023-03-29", url: "https://www.ibm.com/support/pages/node/6967016", }, { category: "external", summary: "IBM Security Bulletin 6981101 vom 2023-04-05", url: "https://www.ibm.com/support/pages/node/6981101", }, { category: "external", summary: "ORACLE OVMSA-2023-0008 vom 2023-08-17", url: "https://oss.oracle.com/pipermail/oraclevm-errata/2023-August/001080.html", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202309-06 vom 2023-09-17", url: "https://security.gentoo.org/glsa/202309-06", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202310-06 vom 2023-10-08", url: "https://security.gentoo.org/glsa/202310-06", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202405-11 vom 2024-05-05", url: "https://security.gentoo.org/glsa/202405-11", }, { category: "external", summary: "Dell Security Advisory DSA-2023-162 vom 2024-06-14", url: "https://www.dell.com/support/kbdoc/de-de/000215555/dsa-2023-162-security-update-for-dell-idrac9-heimdal-vulnerability", }, { category: "external", summary: "HPE Security Bulletin vom 2024-10-25", url: "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04724en_us&docLocale=en_US", }, ], source_lang: "en-US", title: "Heimdal: Mehrere Schwachstellen", tracking: { current_release_date: "2024-10-27T23:00:00.000+00:00", generator: { date: "2024-10-28T09:09:33.087+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2022-2057", initial_release_date: "2022-11-15T23:00:00.000+00:00", revision_history: [ { date: "2022-11-15T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2022-11-16T23:00:00.000+00:00", number: "2", summary: "Referenz(en) aufgenommen: FEDORA-2022-88CEFEF88C, FEDORA-2022-FBCA84B938, FEDORA-2022-EA403B373F, FEDORA-2022-003403EC6B, FEDORA-2022-C6E50D409B, FEDORA-2022-78038A4441, FEDORA-2022-A1747ACA80", }, { date: "2022-11-17T23:00:00.000+00:00", number: "3", summary: "Referenz(en) aufgenommen: FEDORA-2022-D680C70EBE", }, { date: "2022-11-20T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Synology und Debian aufgenommen", }, { date: "2022-11-21T23:00:00.000+00:00", number: "5", summary: "Neue Updates von SUSE und Fedora aufgenommen", }, { date: "2022-11-22T23:00:00.000+00:00", number: "6", summary: "Neue Updates von SUSE und Debian aufgenommen", }, { date: "2022-11-27T23:00:00.000+00:00", number: "7", summary: "Neue Updates von Debian aufgenommen", }, { date: "2022-11-28T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Oracle Linux und Red Hat aufgenommen", }, { date: "2022-11-29T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat und Debian aufgenommen", }, { date: "2022-11-30T23:00:00.000+00:00", number: "10", summary: "Neue Updates von CentOS aufgenommen", }, { date: "2022-12-01T23:00:00.000+00:00", number: "11", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2022-12-06T23:00:00.000+00:00", number: "12", summary: "Neue Updates von Red Hat und SUSE aufgenommen", }, { date: "2022-12-07T23:00:00.000+00:00", number: "13", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2022-12-11T23:00:00.000+00:00", number: "14", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-12-14T23:00:00.000+00:00", number: "15", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-12-15T23:00:00.000+00:00", number: "16", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-01-12T23:00:00.000+00:00", number: "17", summary: "Neue Updates von SUSE und Ubuntu aufgenommen", }, { date: "2023-01-23T23:00:00.000+00:00", number: "18", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-01-24T23:00:00.000+00:00", number: "19", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-01-25T23:00:00.000+00:00", number: "20", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2023-01-26T23:00:00.000+00:00", number: "21", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2023-01-29T23:00:00.000+00:00", number: "22", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-02-06T23:00:00.000+00:00", number: "23", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-02-08T23:00:00.000+00:00", number: "24", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-03-08T23:00:00.000+00:00", number: "25", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2023-03-29T22:00:00.000+00:00", number: "26", summary: "Neue Updates von QNAP aufgenommen", }, { date: "2023-04-05T22:00:00.000+00:00", number: "27", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-08-17T22:00:00.000+00:00", number: "28", summary: "Neue Updates von ORACLE aufgenommen", }, { date: "2023-09-17T22:00:00.000+00:00", number: "29", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2023-10-08T22:00:00.000+00:00", number: "30", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-05-05T22:00:00.000+00:00", number: "31", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-06-13T22:00:00.000+00:00", number: "32", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-10-27T23:00:00.000+00:00", number: "33", summary: "Neue Updates von HP aufgenommen", }, ], status: "final", version: "33", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { branches: [ { category: "product_version", name: "9", product: { name: "Dell integrated Dell Remote Access Controller 9", product_id: "T015301", product_identification_helper: { cpe: "cpe:/h:dell:idrac:9", }, }, }, ], category: "product_name", name: "integrated Dell Remote Access Controller", }, ], category: "vendor", name: "Dell", }, { branches: [ { branches: [ { category: "product_version_range", name: "<13.1 stable", product: { name: "FreeBSD Project FreeBSD OS <13.1 stable", product_id: "T025344", }, }, { category: "product_version", name: "13.1 stable", product: { name: "FreeBSD Project FreeBSD OS 13.1 stable", product_id: "T025344-fixed", product_identification_helper: { cpe: "cpe:/o:freebsd:freebsd:13.1_stable", }, }, }, { category: "product_version_range", name: "<13.1 release p4", product: { name: "FreeBSD Project FreeBSD OS <13.1 release p4", product_id: "T025345", }, }, { category: "product_version", name: "13.1 release p4", product: { name: "FreeBSD Project FreeBSD OS 13.1 release p4", product_id: "T025345-fixed", product_identification_helper: { cpe: "cpe:/o:freebsd:freebsd:13.1_release_p4", }, }, }, { category: "product_version_range", name: "<12.4 stable", product: { name: "FreeBSD Project FreeBSD OS <12.4 stable", product_id: "T025346", }, }, { category: "product_version", name: "12.4 stable", product: { name: "FreeBSD Project FreeBSD OS 12.4 stable", product_id: "T025346-fixed", product_identification_helper: { cpe: "cpe:/o:freebsd:freebsd:12.4_stable", }, }, }, { category: "product_version_range", name: "<12.4 RC2 p1", product: { name: "FreeBSD Project FreeBSD OS <12.4 RC2 p1", product_id: "T025347", }, }, { category: "product_version", name: "12.4 RC2 p1", product: { name: "FreeBSD Project FreeBSD OS 12.4 RC2 p1", product_id: "T025347-fixed", product_identification_helper: { cpe: "cpe:/o:freebsd:freebsd:12.4_rc2_p1", }, }, }, { category: "product_version_range", name: "<12.3 release p9", product: { name: "FreeBSD Project FreeBSD OS <12.3 release p9", product_id: "T025348", }, }, { category: "product_version", name: "12.3 release p9", product: { name: "FreeBSD Project FreeBSD OS 12.3 release p9", product_id: "T025348-fixed", product_identification_helper: { cpe: "cpe:/o:freebsd:freebsd:12.3_release_p9", }, }, }, ], category: "product_name", name: "FreeBSD OS", }, ], category: "vendor", name: "FreeBSD Project", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version_range", name: "(CIFS) Client/Server <B.04.18.01.00", product: { name: "HPE HP-UX (CIFS) Client/Server <B.04.18.01.00", product_id: "T038611", }, }, { category: "product_version", name: "(CIFS) Client/Server B.04.18.01.00", product: { name: "HPE HP-UX (CIFS) Client/Server B.04.18.01.00", product_id: "T038611-fixed", product_identification_helper: { cpe: "cpe:/o:hp:hp-ux:%28cifs%29_clientserver__b.04.18.01.00", }, }, }, ], category: "product_name", name: "HP-UX", }, ], category: "vendor", name: "HPE", }, { branches: [ { branches: [ { category: "product_version_range", name: "<7.4.3 FP9", product: { name: "IBM QRadar SIEM <7.4.3 FP9", product_id: "T026829", }, }, { category: "product_version", name: "7.4.3 FP9", product: { name: "IBM QRadar SIEM 7.4.3 FP9", product_id: "T026829-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.4.3_fp9", }, }, }, { category: "product_version_range", name: "<7.5.0 UP4 IF01", product: { name: "IBM QRadar SIEM <7.5.0 UP4 IF01", product_id: "T026982", }, }, { category: "product_version", name: "7.5.0 UP4 IF01", product: { name: "IBM QRadar SIEM 7.5.0 UP4 IF01", product_id: "T026982-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5.0_up4_if01", }, }, }, ], category: "product_name", name: "QRadar SIEM", }, { branches: [ { category: "product_version", name: "11.4", product: { name: "IBM Security Guardium 11.4", product_id: "1076561", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:11.4", }, }, }, ], category: "product_name", name: "Security Guardium", }, ], category: "vendor", name: "IBM", }, { branches: [ { branches: [ { category: "product_version_range", name: ">=krb5-1.8", product: { name: "MIT Kerberos >=krb5-1.8", product_id: "T025336", }, }, { category: "product_version_range", name: ">=krb5-1.8", product: { name: "MIT Kerberos >=krb5-1.8", product_id: "T025336-fixed", }, }, ], category: "product_name", name: "Kerberos", }, ], category: "vendor", name: "MIT", }, { branches: [ { category: "product_name", name: "Open Source CentOS", product: { name: "Open Source CentOS", product_id: "1727", product_identification_helper: { cpe: "cpe:/o:centos:centos:-", }, }, }, { branches: [ { category: "product_version_range", name: "<7.8.0", product: { name: "Open Source Heimdal <7.8.0", product_id: "T025326", }, }, { category: "product_version", name: "7.8.0", product: { name: "Open Source Heimdal 7.8.0", product_id: "T025326-fixed", product_identification_helper: { cpe: "cpe:/a:heimdal:heimdal:7.8.0", }, }, }, { category: "product_version_range", name: "<7.7.1", product: { name: "Open Source Heimdal <7.7.1", product_id: "T025327", }, }, { category: "product_version", name: "7.7.1", product: { name: "Open Source Heimdal 7.7.1", product_id: "T025327-fixed", product_identification_helper: { cpe: "cpe:/a:heimdal:heimdal:7.7.1", }, }, }, ], category: "product_name", name: "Heimdal", }, { branches: [ { category: "product_version_range", name: "<4.15.12", product: { name: "Open Source Samba <4.15.12", product_id: "T025328", }, }, { category: "product_version", name: "4.15.12", product: { name: "Open Source Samba 4.15.12", product_id: "T025328-fixed", product_identification_helper: { cpe: "cpe:/a:samba:samba:4.15.12", }, }, }, { category: "product_version_range", name: "<4.16.7", product: { name: "Open Source Samba <4.16.7", product_id: "T025330", }, }, { category: "product_version", name: "4.16.7", product: { name: "Open Source Samba 4.16.7", product_id: "T025330-fixed", product_identification_helper: { cpe: "cpe:/a:samba:samba:4.16.7", }, }, }, { category: "product_version_range", name: "<4.17.3", product: { name: "Open Source Samba <4.17.3", product_id: "T025332", }, }, { category: "product_version", name: "4.17.3", product: { name: "Open Source Samba 4.17.3", product_id: "T025332-fixed", product_identification_helper: { cpe: "cpe:/a:samba:samba:4.17.3", }, }, }, { category: "product_version_range", name: "<4.17.4", product: { name: "Open Source Samba <4.17.4", product_id: "T025619", }, }, { category: "product_version", name: "4.17.4", product: { name: "Open Source Samba 4.17.4", product_id: "T025619-fixed", product_identification_helper: { cpe: "cpe:/a:samba:samba:4.17.4", }, }, }, ], category: "product_name", name: "Samba", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, { branches: [ { category: "product_version", name: "3", product: { name: "Oracle VM 3", product_id: "T019617", product_identification_helper: { cpe: "cpe:/a:oracle:vm:3", }, }, }, ], category: "product_name", name: "VM", }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "QNAP NAS", product: { name: "QNAP NAS", product_id: "T017100", product_identification_helper: { cpe: "cpe:/h:qnap:nas:-", }, }, }, ], category: "vendor", name: "QNAP", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_name", name: "Red Hat OpenShift", product: { name: "Red Hat OpenShift", product_id: "367115", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2021-44758", notes: [ { category: "description", text: "Es gibt eine Schwachstelle in Heimdal, in Verbindung mit den \"SPNEGO\"-Akzeptoren. Ein Angreifer kann eine NULL-Zeiger-Dereferenz auslösen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "67646", "1076561", "T038611", "T012167", "T015301", "T004914", "T017100", "T026829", "T025619", "2951", "T002207", "T025327", "T025326", "T025348", "T000126", "367115", "T025345", "T019617", "T025344", "398363", "T025347", "T025346", "1727", "T026982", ], }, release_date: "2022-11-15T23:00:00.000+00:00", title: "CVE-2021-44758", }, { cve: "CVE-2022-41916", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Heimdal bezüglich der Normalisierung von Unicode. Es wird versucht, ein Byte hinter dem Ende eines Arrays zu lesen. Ein Angreifer kann dies für einen Denial of Service Angriff ausnutzen.", }, ], product_status: { known_affected: [ "67646", "1076561", "T038611", "T012167", "T015301", "T004914", "T017100", "T026829", "T025619", "2951", "T002207", "T025327", "T025326", "T000126", "367115", "T019617", "398363", "1727", "T026982", ], }, release_date: "2022-11-15T23:00:00.000+00:00", title: "CVE-2022-41916", }, { cve: "CVE-2022-42898", notes: [ { category: "description", text: "Es gibt eine Schwachstelle in Heimdal, wie es zum Beispiel in Samba, MIT Kerberos und FreeBSD OS verwendet wird. Bei der Verarbeitung von Privilege-Attribute-Zertifikaten (PAC) können mehrere Integer-Überlaufsituationen auftreten. Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand zu erzeugen und KDC-Informationen offenzulegen. Auf 32-Bit-Plattformen kann ein Angreifer dies auch ausnutzen, um potenziell beliebigen Code auszuführen. Der Angreifer muss im Besitz des Langzeitschlüssels des Dienstes sein, um dies erfolgreich auszunutzen.", }, ], product_status: { known_affected: [ "67646", "T015301", "T004914", "T026829", "T025619", "T019617", "398363", "T025330", "T026982", "T025332", "1076561", "T038611", "T012167", "T017100", "2951", "T002207", "T025327", "T025326", "T025348", "T000126", "T025328", "367115", "T025345", "T025344", "T025347", "T025346", "1727", ], }, release_date: "2022-11-15T23:00:00.000+00:00", title: "CVE-2022-42898", }, { cve: "CVE-2022-44640", notes: [ { category: "description", text: "In Heimdal besteht eine Schwachstelle im ASN.1 Codec. Beim Umgang mit speziell gestalteten DER-kodierten Eingaben kann eine ungültige \"free()\"-Operation an einer Adresse auftreten, die teilweise oder vollständig unter der Kontrolle des Angreifers steht. Ein Angreifer kann dies ausnutzen, um potenziell beliebigen Code auf dem KDC auszuführen, was bedeutet, dass Anmeldeinformationen kompromittiert werden können, die dazu verwendet werden können, sich als ein beliebiger Benutzer in einem Realm oder Forest of Realms auszugeben.", }, ], product_status: { known_affected: [ "67646", "1076561", "T038611", "T012167", "T015301", "T004914", "T017100", "T026829", "T025619", "2951", "T002207", "T025327", "T025326", "T025348", "T000126", "367115", "T025345", "T019617", "T025344", "398363", "T025347", "T025346", "1727", "T026982", ], }, release_date: "2022-11-15T23:00:00.000+00:00", title: "CVE-2022-44640", }, ], }
WID-SEC-W-2022-2372
Vulnerability from csaf_certbund
Published
2022-12-19 23:00
Modified
2023-01-19 23:00
Summary
genua genugate: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die genugate ist ein mehrstufiges Firewallprodukt des Herstellers genua GmbH.
Angriff
Ein entfernter, anonymer Angreifer kann einige der mehreren Schwachstellen in Komponenten von Drittanbietern ausnutzen, die von genua genugate verwendet werden, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Die genugate ist ein mehrstufiges Firewallprodukt des Herstellers genua GmbH.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann einige der mehreren Schwachstellen in Komponenten von Drittanbietern ausnutzen, die von genua genugate verwendet werden, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-2372 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2372.json", }, { category: "self", summary: "WID-SEC-2022-2372 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2372", }, { category: "external", summary: "Genua Patch vom 2022-12-19", url: "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-105p1-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0&tx_genusupport_content%5BsearchTerm%5D=&tx_genusupport_content%5BforcePath%5D=&tx_genusupport_content%5Baction%5D=genuSupportSearch&tx_genusupport_content%5Bcontroller%5D=Content&cHash=37a9613baf9adebc3e20772aaa249fc3", }, { category: "external", summary: "Genua Patch vom 2022-12-19", url: "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-104p2-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0&tx_genusupport_content%5BsearchTerm%5D=&tx_genusupport_content%5BforcePath%5D=&tx_genusupport_content%5Baction%5D=genuSupportSearch&tx_genusupport_content%5Bcontroller%5D=Content&cHash=9cc97408444883591a94c7b03271ff7b", }, { category: "external", summary: "Genua Patch vom 2022-12-19", url: "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-100p12-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0&tx_genusupport_content%5BsearchTerm%5D=&tx_genusupport_content%5BforcePath%5D=&tx_genusupport_content%5Baction%5D=genuSupportSearch&tx_genusupport_content%5Bcontroller%5D=Content&cHash=ef1c457a05f6f4465cc46f9369fe23d5", }, ], source_lang: "en-US", title: "genua genugate: Mehrere Schwachstellen", tracking: { current_release_date: "2023-01-19T23:00:00.000+00:00", generator: { date: "2024-08-15T17:40:14.418+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-2372", initial_release_date: "2022-12-19T23:00:00.000+00:00", revision_history: [ { date: "2022-12-19T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-01-19T23:00:00.000+00:00", number: "2", summary: "CVE Nummern ergänzt; Hinweis: nicht alle CVE bei genugate ausnutzbar", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "genua genugate < 10.0p12", product: { name: "genua genugate < 10.0p12", product_id: "T025654", product_identification_helper: { cpe: "cpe:/h:genua:genugate:10.0p12", }, }, }, { category: "product_name", name: "genua genugate < 10.4p2", product: { name: "genua genugate < 10.4p2", product_id: "T025655", product_identification_helper: { cpe: "cpe:/h:genua:genugate:10.4p2", }, }, }, { category: "product_name", name: "genua genugate < 10.5p1", product: { name: "genua genugate < 10.5p1", product_id: "T025656", product_identification_helper: { cpe: "cpe:/h:genua:genugate:10.5p1", }, }, }, ], category: "product_name", name: "genugate", }, ], category: "vendor", name: "genua", }, ], }, vulnerabilities: [ { cve: "CVE-2022-44640", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-44640", }, { cve: "CVE-2022-44638", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-44638", }, { cve: "CVE-2022-43680", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-43680", }, { cve: "CVE-2022-42916", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-42916", }, { cve: "CVE-2022-42915", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-42915", }, { cve: "CVE-2022-42898", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-42898", }, { cve: "CVE-2022-41916", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-41916", }, { cve: "CVE-2022-40674", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-40674", }, { cve: "CVE-2022-40304", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-40304", }, { cve: "CVE-2022-40303", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-40303", }, { cve: "CVE-2022-35260", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-35260", }, { cve: "CVE-2022-35252", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-35252", }, { cve: "CVE-2022-3437", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-3437", }, { cve: "CVE-2022-32221", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2022-32221", }, { cve: "CVE-2021-44758", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2021-44758", }, { cve: "CVE-2021-3671", notes: [ { category: "description", text: "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.", }, ], release_date: "2022-12-19T23:00:00.000+00:00", title: "CVE-2021-3671", }, ], }
wid-sec-w-2022-2057
Vulnerability from csaf_certbund
Published
2022-11-15 23:00
Modified
2024-10-27 23:00
Summary
Heimdal: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Heimdal ist eine Kerberos 5 Implementierung.
Kerberos ist ein verteilter Netzwerkdienst zur Authentifizierung. MIT Kerberos ist die freie Implementierung des "Kerberos network authentication protocol", des Massachusetts Institute of Technology (MIT).
Samba ist eine Open Source Software Suite, die Druck- und Dateidienste für SMB/CIFS Clients implementiert.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Heimdal, Samba, MIT Kerberos und FreeBSD Project FreeBSD OS ausnutzen, um einen Denial of Service Angriff durchzuführen, und um beliebigen Code auszuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Heimdal ist eine Kerberos 5 Implementierung.\r\nKerberos ist ein verteilter Netzwerkdienst zur Authentifizierung. MIT Kerberos ist die freie Implementierung des \"Kerberos network authentication protocol\", des Massachusetts Institute of Technology (MIT).\r\nSamba ist eine Open Source Software Suite, die Druck- und Dateidienste für SMB/CIFS Clients implementiert.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Heimdal, Samba, MIT Kerberos und FreeBSD Project FreeBSD OS ausnutzen, um einen Denial of Service Angriff durchzuführen, und um beliebigen Code auszuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-2057 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2057.json", }, { category: "self", summary: "WID-SEC-2022-2057 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2057", }, { category: "external", summary: "FreeBSD Security Advisory FREEBSD-SA-22:14.HEIMDAL vom 2022-11-15", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-22:14.heimdal.asc", }, { category: "external", summary: "Heimdal 7.7.1 - Security Fix Release vom 2022-11-15", url: "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.7.1", }, { category: "external", summary: "Heimdal 7.8 - Security Fix Release vom 2022-11-15", url: "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.8.0", }, { category: "external", summary: "MIT krb5 Security Advisory 2022-001 vom 2022-11-15", url: "https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2022-001.txt", }, { category: "external", summary: "Samba Security Announcement CVE-2022-42898 vom 2022-11-15", url: "https://www.samba.org/samba/security/CVE-2022-42898.html", }, { category: "external", summary: "Synology Security Advisory SYNOLOGY-SA-22:22 vom 2022-11-19", url: "https://www.synology.com/en-global/support/security/Synology_SA_22_22", }, { category: "external", summary: "Debian Security Advisory DSA-5286 vom 2022-11-19", url: "https://lists.debian.org/debian-security-announce/2022/msg00257.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4155-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013049.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4153-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013050.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4154-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013053.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4167-1 vom 2022-11-22", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013065.html", }, { category: "external", summary: "Debian Security Advisory DSA-5287 vom 2022-11-22", url: "https://lists.debian.org/debian-security-announce/2022/msg00258.html", }, { category: "external", summary: "Debian Security Advisory DLA-3206 vom 2022-11-26", url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2022-8637 vom 2022-11-29", url: "https://linux.oracle.com/errata/ELSA-2022-8637.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8638 vom 2022-11-28", url: "https://access.redhat.com/errata/RHSA-2022:8638", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8648 vom 2022-11-28", url: "https://access.redhat.com/errata/RHSA-2022:8648", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8637 vom 2022-11-28", url: "https://access.redhat.com/errata/RHSA-2022:8637", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8639 vom 2022-11-28", url: "https://access.redhat.com/errata/RHSA-2022:8639", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8640 vom 2022-11-28", url: "https://access.redhat.com/errata/RHSA-2022:8640", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8641 vom 2022-11-28", url: "https://access.redhat.com/errata/RHSA-2022:8641", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2022-8640 vom 2022-11-29", url: "https://linux.oracle.com/errata/ELSA-2022-8640.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2022-8638 vom 2022-11-29", url: "http://linux.oracle.com/errata/ELSA-2022-8638.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8662 vom 2022-11-29", url: "https://access.redhat.com/errata/RHSA-2022:8662", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8669 vom 2022-11-29", url: "https://access.redhat.com/errata/RHSA-2022:8669", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8663 vom 2022-11-29", url: "https://access.redhat.com/errata/RHSA-2022:8663", }, { category: "external", summary: "Debian Security Advisory DLA-3213 vom 2022-11-29", url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00041.html", }, { category: "external", summary: "CentOS Security Advisory CESA-2022:8640 vom 2022-12-01", url: "https://lists.centos.org/pipermail/centos-announce/2022-November/073665.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2022-311128DD7E vom 2022-12-01", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2022-311128dd7e", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8827 vom 2022-12-06", url: "https://access.redhat.com/errata/RHSA-2022:8827", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4335-1 vom 2022-12-06", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013194.html", }, { category: "external", summary: "Ubuntu Security Notice USN-5766-1 vom 2022-12-08", url: "https://ubuntu.com/security/notices/USN-5766-1", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4395-1 vom 2022-12-09", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013212.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:9029 vom 2022-12-14", url: "https://access.redhat.com/errata/RHSA-2022:9029", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8893 vom 2022-12-15", url: "https://access.redhat.com/errata/RHSA-2022:8893", }, { category: "external", summary: "Samba Release Notes", url: "https://www.samba.org/samba/history/samba-4.17.4.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0081-1 vom 2023-01-12", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013465.html", }, { category: "external", summary: "Ubuntu Security Notice USN-5800-1 vom 2023-01-12", url: "https://ubuntu.com/security/notices/USN-5800-1", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-1915 vom 2023-01-23", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-1915.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-1667 vom 2023-01-24", url: "https://alas.aws.amazon.com/ALAS-2023-1667.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-271 vom 2023-01-25", url: "https://alas.aws.amazon.com/AL2022/ALAS-2023-271.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-272 vom 2023-01-25", url: "https://alas.aws.amazon.com/AL2022/ALAS-2023-272.html", }, { category: "external", summary: "Ubuntu Security Notice USN-5828-1 vom 2023-01-25", url: "https://ubuntu.com/security/notices/USN-5828-1", }, { category: "external", summary: "Ubuntu Security Notice USN-5822-2 vom 2023-01-27", url: "https://ubuntu.com/security/notices/USN-5822-2", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0160-1 vom 2023-01-26", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013535.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0198-1 vom 2023-01-27", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013559.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-1680 vom 2023-02-06", url: "https://alas.aws.amazon.com/ALAS-2023-1680.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-12104 vom 2023-02-08", url: "https://linux.oracle.com/errata/ELSA-2023-12104.html", }, { category: "external", summary: "Ubuntu Security Notice USN-5936-1 vom 2023-03-08", url: "https://ubuntu.com/security/notices/USN-5936-1", }, { category: "external", summary: "QNAP Security Advisory QSA-23-03 vom 2023-03-29", url: "https://www.qnap.com/de-de/security-advisory/QSA-23-03", }, { category: "external", summary: "QNAP Security Advisory QSA-23-03 vom 2023-03-29", url: "https://www.qnap.com/go/security-advisory/qsa-23-03", }, { category: "external", summary: "IBM Security Bulletin 6967016 vom 2023-03-29", url: "https://www.ibm.com/support/pages/node/6967016", }, { category: "external", summary: "IBM Security Bulletin 6981101 vom 2023-04-05", url: "https://www.ibm.com/support/pages/node/6981101", }, { category: "external", summary: "ORACLE OVMSA-2023-0008 vom 2023-08-17", url: "https://oss.oracle.com/pipermail/oraclevm-errata/2023-August/001080.html", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202309-06 vom 2023-09-17", url: "https://security.gentoo.org/glsa/202309-06", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202310-06 vom 2023-10-08", url: "https://security.gentoo.org/glsa/202310-06", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202405-11 vom 2024-05-05", url: "https://security.gentoo.org/glsa/202405-11", }, { category: "external", summary: "Dell Security Advisory DSA-2023-162 vom 2024-06-14", url: "https://www.dell.com/support/kbdoc/de-de/000215555/dsa-2023-162-security-update-for-dell-idrac9-heimdal-vulnerability", }, { category: "external", summary: "HPE Security Bulletin vom 2024-10-25", url: "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04724en_us&docLocale=en_US", }, ], source_lang: "en-US", title: "Heimdal: Mehrere Schwachstellen", tracking: { current_release_date: "2024-10-27T23:00:00.000+00:00", generator: { date: "2024-10-28T09:09:33.087+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2022-2057", initial_release_date: "2022-11-15T23:00:00.000+00:00", revision_history: [ { date: "2022-11-15T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2022-11-16T23:00:00.000+00:00", number: "2", summary: "Referenz(en) aufgenommen: FEDORA-2022-88CEFEF88C, FEDORA-2022-FBCA84B938, FEDORA-2022-EA403B373F, FEDORA-2022-003403EC6B, FEDORA-2022-C6E50D409B, FEDORA-2022-78038A4441, FEDORA-2022-A1747ACA80", }, { date: "2022-11-17T23:00:00.000+00:00", number: "3", summary: "Referenz(en) aufgenommen: FEDORA-2022-D680C70EBE", }, { date: "2022-11-20T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Synology und Debian aufgenommen", }, { date: "2022-11-21T23:00:00.000+00:00", number: "5", summary: "Neue Updates von SUSE und Fedora aufgenommen", }, { date: "2022-11-22T23:00:00.000+00:00", number: "6", summary: "Neue Updates von SUSE und Debian aufgenommen", }, { date: "2022-11-27T23:00:00.000+00:00", number: "7", summary: "Neue Updates von Debian aufgenommen", }, { date: "2022-11-28T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Oracle Linux und Red Hat aufgenommen", }, { date: "2022-11-29T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat und Debian aufgenommen", }, { date: "2022-11-30T23:00:00.000+00:00", number: "10", summary: "Neue Updates von CentOS aufgenommen", }, { date: "2022-12-01T23:00:00.000+00:00", number: "11", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2022-12-06T23:00:00.000+00:00", number: "12", summary: "Neue Updates von Red Hat und SUSE aufgenommen", }, { date: "2022-12-07T23:00:00.000+00:00", number: "13", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2022-12-11T23:00:00.000+00:00", number: "14", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-12-14T23:00:00.000+00:00", number: "15", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-12-15T23:00:00.000+00:00", number: "16", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-01-12T23:00:00.000+00:00", number: "17", summary: "Neue Updates von SUSE und Ubuntu aufgenommen", }, { date: "2023-01-23T23:00:00.000+00:00", number: "18", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-01-24T23:00:00.000+00:00", number: "19", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-01-25T23:00:00.000+00:00", number: "20", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2023-01-26T23:00:00.000+00:00", number: "21", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2023-01-29T23:00:00.000+00:00", number: "22", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-02-06T23:00:00.000+00:00", number: "23", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-02-08T23:00:00.000+00:00", number: "24", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-03-08T23:00:00.000+00:00", number: "25", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2023-03-29T22:00:00.000+00:00", number: "26", summary: "Neue Updates von QNAP aufgenommen", }, { date: "2023-04-05T22:00:00.000+00:00", number: "27", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-08-17T22:00:00.000+00:00", number: "28", summary: "Neue Updates von ORACLE aufgenommen", }, { date: "2023-09-17T22:00:00.000+00:00", number: "29", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2023-10-08T22:00:00.000+00:00", number: "30", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-05-05T22:00:00.000+00:00", number: "31", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-06-13T22:00:00.000+00:00", number: "32", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-10-27T23:00:00.000+00:00", number: "33", summary: "Neue Updates von HP aufgenommen", }, ], status: "final", version: "33", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { branches: [ { category: "product_version", name: "9", product: { name: "Dell integrated Dell Remote Access Controller 9", product_id: "T015301", product_identification_helper: { cpe: "cpe:/h:dell:idrac:9", }, }, }, ], category: "product_name", name: "integrated Dell Remote Access Controller", }, ], category: "vendor", name: "Dell", }, { branches: [ { branches: [ { category: "product_version_range", name: "<13.1 stable", product: { name: "FreeBSD Project FreeBSD OS <13.1 stable", product_id: "T025344", }, }, { category: "product_version", name: "13.1 stable", product: { name: "FreeBSD Project FreeBSD OS 13.1 stable", product_id: "T025344-fixed", product_identification_helper: { cpe: "cpe:/o:freebsd:freebsd:13.1_stable", }, }, }, { category: "product_version_range", name: "<13.1 release p4", product: { name: "FreeBSD Project FreeBSD OS <13.1 release p4", product_id: "T025345", }, }, { category: "product_version", name: "13.1 release p4", product: { name: "FreeBSD Project FreeBSD OS 13.1 release p4", product_id: "T025345-fixed", product_identification_helper: { cpe: "cpe:/o:freebsd:freebsd:13.1_release_p4", }, }, }, { category: "product_version_range", name: "<12.4 stable", product: { name: "FreeBSD Project FreeBSD OS <12.4 stable", product_id: "T025346", }, }, { category: "product_version", name: "12.4 stable", product: { name: "FreeBSD Project FreeBSD OS 12.4 stable", product_id: "T025346-fixed", product_identification_helper: { cpe: "cpe:/o:freebsd:freebsd:12.4_stable", }, }, }, { category: "product_version_range", name: "<12.4 RC2 p1", product: { name: "FreeBSD Project FreeBSD OS <12.4 RC2 p1", product_id: "T025347", }, }, { category: "product_version", name: "12.4 RC2 p1", product: { name: "FreeBSD Project FreeBSD OS 12.4 RC2 p1", product_id: "T025347-fixed", product_identification_helper: { cpe: "cpe:/o:freebsd:freebsd:12.4_rc2_p1", }, }, }, { category: "product_version_range", name: "<12.3 release p9", product: { name: "FreeBSD Project FreeBSD OS <12.3 release p9", product_id: "T025348", }, }, { category: "product_version", name: "12.3 release p9", product: { name: "FreeBSD Project FreeBSD OS 12.3 release p9", product_id: "T025348-fixed", product_identification_helper: { cpe: "cpe:/o:freebsd:freebsd:12.3_release_p9", }, }, }, ], category: "product_name", name: "FreeBSD OS", }, ], category: "vendor", name: "FreeBSD Project", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version_range", name: "(CIFS) Client/Server <B.04.18.01.00", product: { name: "HPE HP-UX (CIFS) Client/Server <B.04.18.01.00", product_id: "T038611", }, }, { category: "product_version", name: "(CIFS) Client/Server B.04.18.01.00", product: { name: "HPE HP-UX (CIFS) Client/Server B.04.18.01.00", product_id: "T038611-fixed", product_identification_helper: { cpe: "cpe:/o:hp:hp-ux:%28cifs%29_clientserver__b.04.18.01.00", }, }, }, ], category: "product_name", name: "HP-UX", }, ], category: "vendor", name: "HPE", }, { branches: [ { branches: [ { category: "product_version_range", name: "<7.4.3 FP9", product: { name: "IBM QRadar SIEM <7.4.3 FP9", product_id: "T026829", }, }, { category: "product_version", name: "7.4.3 FP9", product: { name: "IBM QRadar SIEM 7.4.3 FP9", product_id: "T026829-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.4.3_fp9", }, }, }, { category: "product_version_range", name: "<7.5.0 UP4 IF01", product: { name: "IBM QRadar SIEM <7.5.0 UP4 IF01", product_id: "T026982", }, }, { category: "product_version", name: "7.5.0 UP4 IF01", product: { name: "IBM QRadar SIEM 7.5.0 UP4 IF01", product_id: "T026982-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5.0_up4_if01", }, }, }, ], category: "product_name", name: "QRadar SIEM", }, { branches: [ { category: "product_version", name: "11.4", product: { name: "IBM Security Guardium 11.4", product_id: "1076561", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:11.4", }, }, }, ], category: "product_name", name: "Security Guardium", }, ], category: "vendor", name: "IBM", }, { branches: [ { branches: [ { category: "product_version_range", name: ">=krb5-1.8", product: { name: "MIT Kerberos >=krb5-1.8", product_id: "T025336", }, }, { category: "product_version_range", name: ">=krb5-1.8", product: { name: "MIT Kerberos >=krb5-1.8", product_id: "T025336-fixed", }, }, ], category: "product_name", name: "Kerberos", }, ], category: "vendor", name: "MIT", }, { branches: [ { category: "product_name", name: "Open Source CentOS", product: { name: "Open Source CentOS", product_id: "1727", product_identification_helper: { cpe: "cpe:/o:centos:centos:-", }, }, }, { branches: [ { category: "product_version_range", name: "<7.8.0", product: { name: "Open Source Heimdal <7.8.0", product_id: "T025326", }, }, { category: "product_version", name: "7.8.0", product: { name: "Open Source Heimdal 7.8.0", product_id: "T025326-fixed", product_identification_helper: { cpe: "cpe:/a:heimdal:heimdal:7.8.0", }, }, }, { category: "product_version_range", name: "<7.7.1", product: { name: "Open Source Heimdal <7.7.1", product_id: "T025327", }, }, { category: "product_version", name: "7.7.1", product: { name: "Open Source Heimdal 7.7.1", product_id: "T025327-fixed", product_identification_helper: { cpe: "cpe:/a:heimdal:heimdal:7.7.1", }, }, }, ], category: "product_name", name: "Heimdal", }, { branches: [ { category: "product_version_range", name: "<4.15.12", product: { name: "Open Source Samba <4.15.12", product_id: "T025328", }, }, { category: "product_version", name: "4.15.12", product: { name: "Open Source Samba 4.15.12", product_id: "T025328-fixed", product_identification_helper: { cpe: "cpe:/a:samba:samba:4.15.12", }, }, }, { category: "product_version_range", name: "<4.16.7", product: { name: "Open Source Samba <4.16.7", product_id: "T025330", }, }, { category: "product_version", name: "4.16.7", product: { name: "Open Source Samba 4.16.7", product_id: "T025330-fixed", product_identification_helper: { cpe: "cpe:/a:samba:samba:4.16.7", }, }, }, { category: "product_version_range", name: "<4.17.3", product: { name: "Open Source Samba <4.17.3", product_id: "T025332", }, }, { category: "product_version", name: "4.17.3", product: { name: "Open Source Samba 4.17.3", product_id: "T025332-fixed", product_identification_helper: { cpe: "cpe:/a:samba:samba:4.17.3", }, }, }, { category: "product_version_range", name: "<4.17.4", product: { name: "Open Source Samba <4.17.4", product_id: "T025619", }, }, { category: "product_version", name: "4.17.4", product: { name: "Open Source Samba 4.17.4", product_id: "T025619-fixed", product_identification_helper: { cpe: "cpe:/a:samba:samba:4.17.4", }, }, }, ], category: "product_name", name: "Samba", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, { branches: [ { category: "product_version", name: "3", product: { name: "Oracle VM 3", product_id: "T019617", product_identification_helper: { cpe: "cpe:/a:oracle:vm:3", }, }, }, ], category: "product_name", name: "VM", }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "QNAP NAS", product: { name: "QNAP NAS", product_id: "T017100", product_identification_helper: { cpe: "cpe:/h:qnap:nas:-", }, }, }, ], category: "vendor", name: "QNAP", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_name", name: "Red Hat OpenShift", product: { name: "Red Hat OpenShift", product_id: "367115", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2021-44758", notes: [ { category: "description", text: "Es gibt eine Schwachstelle in Heimdal, in Verbindung mit den \"SPNEGO\"-Akzeptoren. Ein Angreifer kann eine NULL-Zeiger-Dereferenz auslösen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "67646", "1076561", "T038611", "T012167", "T015301", "T004914", "T017100", "T026829", "T025619", "2951", "T002207", "T025327", "T025326", "T025348", "T000126", "367115", "T025345", "T019617", "T025344", "398363", "T025347", "T025346", "1727", "T026982", ], }, release_date: "2022-11-15T23:00:00.000+00:00", title: "CVE-2021-44758", }, { cve: "CVE-2022-41916", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Heimdal bezüglich der Normalisierung von Unicode. Es wird versucht, ein Byte hinter dem Ende eines Arrays zu lesen. Ein Angreifer kann dies für einen Denial of Service Angriff ausnutzen.", }, ], product_status: { known_affected: [ "67646", "1076561", "T038611", "T012167", "T015301", "T004914", "T017100", "T026829", "T025619", "2951", "T002207", "T025327", "T025326", "T000126", "367115", "T019617", "398363", "1727", "T026982", ], }, release_date: "2022-11-15T23:00:00.000+00:00", title: "CVE-2022-41916", }, { cve: "CVE-2022-42898", notes: [ { category: "description", text: "Es gibt eine Schwachstelle in Heimdal, wie es zum Beispiel in Samba, MIT Kerberos und FreeBSD OS verwendet wird. Bei der Verarbeitung von Privilege-Attribute-Zertifikaten (PAC) können mehrere Integer-Überlaufsituationen auftreten. Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand zu erzeugen und KDC-Informationen offenzulegen. Auf 32-Bit-Plattformen kann ein Angreifer dies auch ausnutzen, um potenziell beliebigen Code auszuführen. Der Angreifer muss im Besitz des Langzeitschlüssels des Dienstes sein, um dies erfolgreich auszunutzen.", }, ], product_status: { known_affected: [ "67646", "T015301", "T004914", "T026829", "T025619", "T019617", "398363", "T025330", "T026982", "T025332", "1076561", "T038611", "T012167", "T017100", "2951", "T002207", "T025327", "T025326", "T025348", "T000126", "T025328", "367115", "T025345", "T025344", "T025347", "T025346", "1727", ], }, release_date: "2022-11-15T23:00:00.000+00:00", title: "CVE-2022-42898", }, { cve: "CVE-2022-44640", notes: [ { category: "description", text: "In Heimdal besteht eine Schwachstelle im ASN.1 Codec. Beim Umgang mit speziell gestalteten DER-kodierten Eingaben kann eine ungültige \"free()\"-Operation an einer Adresse auftreten, die teilweise oder vollständig unter der Kontrolle des Angreifers steht. Ein Angreifer kann dies ausnutzen, um potenziell beliebigen Code auf dem KDC auszuführen, was bedeutet, dass Anmeldeinformationen kompromittiert werden können, die dazu verwendet werden können, sich als ein beliebiger Benutzer in einem Realm oder Forest of Realms auszugeben.", }, ], product_status: { known_affected: [ "67646", "1076561", "T038611", "T012167", "T015301", "T004914", "T017100", "T026829", "T025619", "2951", "T002207", "T025327", "T025326", "T025348", "T000126", "367115", "T025345", "T019617", "T025344", "398363", "T025347", "T025346", "1727", "T026982", ], }, release_date: "2022-11-15T23:00:00.000+00:00", title: "CVE-2022-44640", }, ], }
gsd-2022-41916
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.
Aliases
Aliases
{ GSD: { alias: "CVE-2022-41916", id: "GSD-2022-41916", references: [ "https://www.debian.org/security/2022/dsa-5287", "https://advisories.mageia.org/CVE-2022-41916.html", "https://www.suse.com/security/cve/CVE-2022-41916.html", "https://ubuntu.com/security/CVE-2022-41916", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2022-41916", ], details: "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.", id: "GSD-2022-41916", modified: "2023-12-13T01:19:33.169488Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-41916", STATE: "PUBLIC", TITLE: "Read one byte past a buffer when normalizing Unicode", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "heimdal", version: { version_data: [ { version_value: "< 7.7.1", }, ], }, }, ], }, vendor_name: "heimdal", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-193: Off-by-one Error", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx", refsource: "CONFIRM", url: "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx", }, { name: "DSA-5287", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5287", }, { name: "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html", }, { name: "https://security.netapp.com/advisory/ntap-20230216-0008/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20230216-0008/", }, { name: "GLSA-202310-06", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202310-06", }, ], }, source: { advisory: "GHSA-mgqr-gvh6-23cx", discovery: "UNKNOWN", }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.7.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-41916", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-193", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx", }, { name: "DSA-5287", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5287", }, { name: "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update", refsource: "MLIST", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html", }, { name: "https://security.netapp.com/advisory/ntap-20230216-0008/", refsource: "CONFIRM", tags: [], url: "https://security.netapp.com/advisory/ntap-20230216-0008/", }, { name: "GLSA-202310-06", refsource: "GENTOO", tags: [], url: "https://security.gentoo.org/glsa/202310-06", }, ], }, }, impact: { baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, }, }, lastModifiedDate: "2023-10-08T09:15Z", publishedDate: "2022-11-15T23:15Z", }, }, }
fkie_cve-2022-41916
Vulnerability from fkie_nvd
Published
2022-11-15 23:15
Modified
2024-11-21 07:24
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| heimdal_project | heimdal | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*", matchCriteriaId: "537FE65E-6E3F-4441-8B35-7B48214EA04D", versionEndExcluding: "7.7.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.", }, { lang: "es", value: "Heimdal es una implementación de ASN.1/DER, PKIX y Kerberos. Las versiones anteriores a la 7.7.1 son vulnerables a una vulnerabilidad de denegación de servicio en la biblioteca de validación de certificados PKI de Heimdal, lo que afecta a KDC (a través de PKINIT) y kinit (a través de PKINIT), así como a cualquier aplicación de terceros que utilice libhx509 de Heimdal. Los usuarios deben actualizar a Heimdal 7.7.1 o 7.8. No se conocen workarounds para este problema.", }, ], id: "CVE-2022-41916", lastModified: "2024-11-21T07:24:03.720", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-15T23:15:27.197", references: [ { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx", }, { source: "security-advisories@github.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html", }, { source: "security-advisories@github.com", url: "https://security.gentoo.org/glsa/202310-06", }, { source: "security-advisories@github.com", url: "https://security.netapp.com/advisory/ntap-20230216-0008/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202310-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20230216-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5287", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-193", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-193", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.