wid-sec-w-2022-2057
Vulnerability from csaf_certbund
Published
2022-11-15 23:00
Modified
2024-06-13 22:00
Summary
Heimdal: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Heimdal ist eine Kerberos 5 Implementierung. Kerberos ist ein verteilter Netzwerkdienst zur Authentifizierung. MIT Kerberos ist die freie Implementierung des "Kerberos network authentication protocol", des Massachusetts Institute of Technology (MIT). Samba ist eine Open Source Software Suite, die Druck- und Dateidienste für SMB/CIFS Clients implementiert.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Heimdal, Samba, MIT Kerberos und FreeBSD Project FreeBSD OS ausnutzen, um einen Denial of Service Angriff durchzuführen, und um beliebigen Code auszuführen.
Betroffene Betriebssysteme
- Linux - UNIX - Windows



{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Heimdal ist eine Kerberos 5 Implementierung.\r\nKerberos ist ein verteilter Netzwerkdienst zur Authentifizierung. MIT Kerberos ist die freie Implementierung des \"Kerberos network authentication protocol\", des Massachusetts Institute of Technology (MIT).\r\nSamba ist eine Open Source Software Suite, die Druck- und Dateidienste f\u00fcr SMB/CIFS Clients implementiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein  Angreifer kann mehrere Schwachstellen in Heimdal, Samba, MIT Kerberos und FreeBSD Project FreeBSD OS ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, und um beliebigen Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-2057 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2057.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-2057 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2057"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory FREEBSD-SA-22:14.HEIMDAL vom 2022-11-15",
        "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-22:14.heimdal.asc"
      },
      {
        "category": "external",
        "summary": "Heimdal 7.7.1 - Security Fix Release vom 2022-11-15",
        "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.7.1"
      },
      {
        "category": "external",
        "summary": "Heimdal 7.8 - Security Fix Release vom 2022-11-15",
        "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.8.0"
      },
      {
        "category": "external",
        "summary": "MIT krb5 Security Advisory 2022-001 vom 2022-11-15",
        "url": "https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2022-001.txt"
      },
      {
        "category": "external",
        "summary": "Samba Security Announcement CVE-2022-42898 vom 2022-11-15",
        "url": "https://www.samba.org/samba/security/CVE-2022-42898.html"
      },
      {
        "category": "external",
        "summary": "Synology Security Advisory SYNOLOGY-SA-22:22 vom 2022-11-19",
        "url": "https://www.synology.com/en-global/support/security/Synology_SA_22_22"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5286 vom 2022-11-19",
        "url": "https://lists.debian.org/debian-security-announce/2022/msg00257.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:4155-1 vom 2022-11-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013049.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:4153-1 vom 2022-11-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013050.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:4154-1 vom 2022-11-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013053.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:4167-1 vom 2022-11-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013065.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5287 vom 2022-11-22",
        "url": "https://lists.debian.org/debian-security-announce/2022/msg00258.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3206 vom 2022-11-26",
        "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-8637 vom 2022-11-29",
        "url": "https://linux.oracle.com/errata/ELSA-2022-8637.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8638 vom 2022-11-28",
        "url": "https://access.redhat.com/errata/RHSA-2022:8638"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8648 vom 2022-11-28",
        "url": "https://access.redhat.com/errata/RHSA-2022:8648"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8637 vom 2022-11-28",
        "url": "https://access.redhat.com/errata/RHSA-2022:8637"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8639 vom 2022-11-28",
        "url": "https://access.redhat.com/errata/RHSA-2022:8639"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8640 vom 2022-11-28",
        "url": "https://access.redhat.com/errata/RHSA-2022:8640"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8641 vom 2022-11-28",
        "url": "https://access.redhat.com/errata/RHSA-2022:8641"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-8640 vom 2022-11-29",
        "url": "https://linux.oracle.com/errata/ELSA-2022-8640.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-8638 vom 2022-11-29",
        "url": "http://linux.oracle.com/errata/ELSA-2022-8638.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8662 vom 2022-11-29",
        "url": "https://access.redhat.com/errata/RHSA-2022:8662"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8669 vom 2022-11-29",
        "url": "https://access.redhat.com/errata/RHSA-2022:8669"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8663 vom 2022-11-29",
        "url": "https://access.redhat.com/errata/RHSA-2022:8663"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3213 vom 2022-11-29",
        "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00041.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2022:8640 vom 2022-12-01",
        "url": "https://lists.centos.org/pipermail/centos-announce/2022-November/073665.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2022-311128DD7E vom 2022-12-01",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2022-311128dd7e"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8827 vom 2022-12-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:8827"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:4335-1 vom 2022-12-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013194.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5766-1 vom 2022-12-08",
        "url": "https://ubuntu.com/security/notices/USN-5766-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:4395-1 vom 2022-12-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013212.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:9029 vom 2022-12-14",
        "url": "https://access.redhat.com/errata/RHSA-2022:9029"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8893 vom 2022-12-15",
        "url": "https://access.redhat.com/errata/RHSA-2022:8893"
      },
      {
        "category": "external",
        "summary": "Samba Release Notes",
        "url": "https://www.samba.org/samba/history/samba-4.17.4.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:0081-1 vom 2023-01-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013465.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5800-1 vom 2023-01-12",
        "url": "https://ubuntu.com/security/notices/USN-5800-1"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1915 vom 2023-01-23",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1915.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1667 vom 2023-01-24",
        "url": "https://alas.aws.amazon.com/ALAS-2023-1667.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-271 vom 2023-01-25",
        "url": "https://alas.aws.amazon.com/AL2022/ALAS-2023-271.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-272 vom 2023-01-25",
        "url": "https://alas.aws.amazon.com/AL2022/ALAS-2023-272.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5828-1 vom 2023-01-25",
        "url": "https://ubuntu.com/security/notices/USN-5828-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5822-2 vom 2023-01-27",
        "url": "https://ubuntu.com/security/notices/USN-5822-2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:0160-1 vom 2023-01-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013535.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:0198-1 vom 2023-01-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013559.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1680 vom 2023-02-06",
        "url": "https://alas.aws.amazon.com/ALAS-2023-1680.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-12104 vom 2023-02-08",
        "url": "https://linux.oracle.com/errata/ELSA-2023-12104.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5936-1 vom 2023-03-08",
        "url": "https://ubuntu.com/security/notices/USN-5936-1"
      },
      {
        "category": "external",
        "summary": "QNAP Security Advisory QSA-23-03 vom 2023-03-29",
        "url": "https://www.qnap.com/de-de/security-advisory/QSA-23-03"
      },
      {
        "category": "external",
        "summary": "QNAP Security Advisory QSA-23-03 vom 2023-03-29",
        "url": "https://www.qnap.com/go/security-advisory/qsa-23-03"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6967016 vom 2023-03-29",
        "url": "https://www.ibm.com/support/pages/node/6967016"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6981101 vom 2023-04-05",
        "url": "https://www.ibm.com/support/pages/node/6981101"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2023-0008 vom 2023-08-17",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2023-August/001080.html"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202309-06 vom 2023-09-17",
        "url": "https://security.gentoo.org/glsa/202309-06"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202310-06 vom 2023-10-08",
        "url": "https://security.gentoo.org/glsa/202310-06"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202405-11 vom 2024-05-05",
        "url": "https://security.gentoo.org/glsa/202405-11"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2023-162 vom 2024-06-14",
        "url": "https://www.dell.com/support/kbdoc/de-de/000215555/dsa-2023-162-security-update-for-dell-idrac9-heimdal-vulnerability"
      }
    ],
    "source_lang": "en-US",
    "title": "Heimdal: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-06-13T22:00:00.000+00:00",
      "generator": {
        "date": "2024-06-14T08:09:13.900+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2022-2057",
      "initial_release_date": "2022-11-15T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-11-15T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-11-16T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: FEDORA-2022-88CEFEF88C, FEDORA-2022-FBCA84B938, FEDORA-2022-EA403B373F, FEDORA-2022-003403EC6B, FEDORA-2022-C6E50D409B, FEDORA-2022-78038A4441, FEDORA-2022-A1747ACA80"
        },
        {
          "date": "2022-11-17T23:00:00.000+00:00",
          "number": "3",
          "summary": "Referenz(en) aufgenommen: FEDORA-2022-D680C70EBE"
        },
        {
          "date": "2022-11-20T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Synology und Debian aufgenommen"
        },
        {
          "date": "2022-11-21T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE und Fedora aufgenommen"
        },
        {
          "date": "2022-11-22T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE und Debian aufgenommen"
        },
        {
          "date": "2022-11-27T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2022-11-28T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
        },
        {
          "date": "2022-11-29T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat und Debian aufgenommen"
        },
        {
          "date": "2022-11-30T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2022-12-01T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2022-12-06T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2022-12-07T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2022-12-11T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-12-14T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-12-15T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-01-12T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
        },
        {
          "date": "2023-01-23T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-01-24T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-01-25T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-01-26T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-01-29T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-02-06T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-02-08T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-03-08T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-03-29T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von QNAP aufgenommen"
        },
        {
          "date": "2023-04-05T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-08-17T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von ORACLE aufgenommen"
        },
        {
          "date": "2023-09-17T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2023-10-08T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2024-05-05T22:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2024-06-13T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "32"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "Dell integrated Dell Remote Access Controller 9",
                  "product_id": "T015301",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:dell:idrac:9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "integrated Dell Remote Access Controller"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c13.1 stable",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS \u003c13.1 stable",
                  "product_id": "T025344",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:freebsd:freebsd:13.1_stable"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c13.1 release p4",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS \u003c13.1 release p4",
                  "product_id": "T025345",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:freebsd:freebsd:13.1_release_p4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c12.4 stable",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS \u003c12.4 stable",
                  "product_id": "T025346",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:freebsd:freebsd:12.4_stable"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c12.4 RC2 p1",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS \u003c12.4 RC2 p1",
                  "product_id": "T025347",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:freebsd:freebsd:12.4_rc2_p1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c12.3 release p9",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS \u003c12.3 release p9",
                  "product_id": "T025348",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:freebsd:freebsd:12.3_release_p9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeBSD OS"
          }
        ],
        "category": "vendor",
        "name": "FreeBSD Project"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.4.3 FP9",
                "product": {
                  "name": "IBM QRadar SIEM \u003c7.4.3 FP9",
                  "product_id": "T026829",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.4.3_fp9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.5.0 UP4 IF01",
                "product": {
                  "name": "IBM QRadar SIEM \u003c7.5.0 UP4 IF01",
                  "product_id": "T026982",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up4_if01"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.4",
                "product": {
                  "name": "IBM Security Guardium 11.4",
                  "product_id": "1076561",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_guardium:11.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Security Guardium"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=krb5-1.8",
                "product": {
                  "name": "MIT Kerberos \u003e=krb5-1.8",
                  "product_id": "T025336",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mit:kerberos:krb5-1.8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Kerberos"
          }
        ],
        "category": "vendor",
        "name": "MIT"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.8.0",
                "product": {
                  "name": "Open Source Heimdal \u003c7.8.0",
                  "product_id": "T025326",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:heimdal:heimdal:7.8.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.7.1",
                "product": {
                  "name": "Open Source Heimdal \u003c7.7.1",
                  "product_id": "T025327",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:heimdal:heimdal:7.7.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Heimdal"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.15.12",
                "product": {
                  "name": "Open Source Samba \u003c4.15.12",
                  "product_id": "T025328",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.15.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.16.7",
                "product": {
                  "name": "Open Source Samba \u003c4.16.7",
                  "product_id": "T025330",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.16.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.17.3",
                "product": {
                  "name": "Open Source Samba \u003c4.17.3",
                  "product_id": "T025332",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.17.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.17.4",
                "product": {
                  "name": "Open Source Samba \u003c4.17.4",
                  "product_id": "T025619",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.17.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Samba"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3",
                "product": {
                  "name": "Oracle VM 3",
                  "product_id": "T019617",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:vm:3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "VM"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "QNAP NAS",
            "product": {
              "name": "QNAP NAS",
              "product_id": "T017100",
              "product_identification_helper": {
                "cpe": "cpe:/h:qnap:nas:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "QNAP"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Red Hat OpenShift",
            "product": {
              "name": "Red Hat OpenShift",
              "product_id": "367115",
              "product_identification_helper": {
                "cpe": "cpe:/a:redhat:openshift:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-44758",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt eine Schwachstelle in Heimdal, in Verbindung mit den \"SPNEGO\"-Akzeptoren. Ein Angreifer kann eine NULL-Zeiger-Dereferenz ausl\u00f6sen, um einen Denial-of-Service-Zustand zu erzeugen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "1076561",
          "T012167",
          "T015301",
          "T004914",
          "T017100",
          "T026829",
          "T025619",
          "2951",
          "T002207",
          "T000126",
          "367115",
          "T019617",
          "398363",
          "1727",
          "T026982"
        ]
      },
      "release_date": "2022-11-15T23:00:00Z",
      "title": "CVE-2021-44758"
    },
    {
      "cve": "CVE-2022-41916",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Heimdal bez\u00fcglich der Normalisierung von Unicode. Es wird versucht, ein Byte hinter dem Ende eines Arrays zu lesen. Ein Angreifer kann dies f\u00fcr einen Denial of Service Angriff ausnutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "1076561",
          "T012167",
          "T015301",
          "T004914",
          "T017100",
          "T026829",
          "T025619",
          "2951",
          "T002207",
          "T000126",
          "367115",
          "T019617",
          "398363",
          "1727",
          "T026982"
        ]
      },
      "release_date": "2022-11-15T23:00:00Z",
      "title": "CVE-2022-41916"
    },
    {
      "cve": "CVE-2022-42898",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt eine Schwachstelle in Heimdal, wie es zum Beispiel in Samba, MIT Kerberos und FreeBSD OS verwendet wird. Bei der Verarbeitung von Privilege-Attribute-Zertifikaten (PAC) k\u00f6nnen mehrere Integer-\u00dcberlaufsituationen auftreten. Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand zu erzeugen und KDC-Informationen offenzulegen. Auf 32-Bit-Plattformen kann ein Angreifer dies auch ausnutzen, um potenziell beliebigen Code auszuf\u00fchren. Der Angreifer muss im Besitz des Langzeitschl\u00fcssels des Dienstes sein, um dies erfolgreich auszunutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "1076561",
          "T012167",
          "T015301",
          "T004914",
          "T017100",
          "T026829",
          "T025619",
          "2951",
          "T002207",
          "T000126",
          "367115",
          "T019617",
          "398363",
          "1727",
          "T026982"
        ]
      },
      "release_date": "2022-11-15T23:00:00Z",
      "title": "CVE-2022-42898"
    },
    {
      "cve": "CVE-2022-44640",
      "notes": [
        {
          "category": "description",
          "text": "In Heimdal besteht eine Schwachstelle im ASN.1 Codec. Beim Umgang mit speziell gestalteten DER-kodierten Eingaben kann eine ung\u00fcltige \"free()\"-Operation an einer Adresse auftreten, die teilweise oder vollst\u00e4ndig unter der Kontrolle des Angreifers steht. Ein Angreifer kann dies ausnutzen, um potenziell beliebigen Code auf dem KDC auszuf\u00fchren, was bedeutet, dass Anmeldeinformationen kompromittiert werden k\u00f6nnen, die dazu verwendet werden k\u00f6nnen, sich als ein beliebiger Benutzer in einem Realm oder Forest of Realms auszugeben."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "1076561",
          "T012167",
          "T015301",
          "T004914",
          "T017100",
          "T026829",
          "T025619",
          "2951",
          "T002207",
          "T000126",
          "367115",
          "T019617",
          "398363",
          "1727",
          "T026982"
        ]
      },
      "release_date": "2022-11-15T23:00:00Z",
      "title": "CVE-2022-44640"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.