{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-06T12:28:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rra/pam-krb5/commit/e7879e27a37119fad4faf133a9f70bdcdc75d760"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openwall.com/lists/oss-security/2020/03/31/1"}, {"name": "DSA-4648", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4648"}, {"name": "[debian-lts-announce] 20200401 [SECURITY] [DLA 2166-1] libpam-krb5 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00000.html"}, {"name": "USN-4314-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4314-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.eyrie.org/~eagle/software/pam-krb5/security/2020-03-30.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10595", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/rra/pam-krb5/commit/e7879e27a37119fad4faf133a9f70bdcdc75d760", "refsource": "CONFIRM", "url": "https://github.com/rra/pam-krb5/commit/e7879e27a37119fad4faf133a9f70bdcdc75d760"}, {"name": "http://www.openwall.com/lists/oss-security/2020/03/31/1", "refsource": "CONFIRM", "url": "http://www.openwall.com/lists/oss-security/2020/03/31/1"}, {"name": "DSA-4648", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4648"}, {"name": "[debian-lts-announce] 20200401 [SECURITY] [DLA 2166-1] libpam-krb5 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00000.html"}, {"name": "USN-4314-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4314-1/"}, {"name": "https://www.eyrie.org/~eagle/software/pam-krb5/security/2020-03-30.html", "refsource": "MISC", "url": "https://www.eyrie.org/~eagle/software/pam-krb5/security/2020-03-30.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:06:09.951Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/rra/pam-krb5/commit/e7879e27a37119fad4faf133a9f70bdcdc75d760"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/03/31/1"}, {"name": "DSA-4648", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4648"}, {"name": "[debian-lts-announce] 20200401 [SECURITY] [DLA 2166-1] libpam-krb5 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00000.html"}, {"name": "USN-4314-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4314-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.eyrie.org/~eagle/software/pam-krb5/security/2020-03-30.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10595", "datePublished": "2020-03-31T12:36:10", "dateReserved": "2020-03-16T00:00:00", "dateUpdated": "2024-08-04T11:06:09.951Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pam-krb5_project:pam-krb5:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF19D71B-DDDF-48C8-89F2-7561C6A8972C", "versionEndExcluding": "4.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option."}, {"lang": "es", "value": "pam-krb5 versiones anteriores a 4.9, presenta un desbordamiento del b\u00fafer que puede causar una ejecuci\u00f3n de c\u00f3digo remota en situaciones que involucran una sugerencia suplementaria para una biblioteca de Kerberos. Esto puede desbordar un b\u00fafer proporcionado por la biblioteca Kerberos subyacente por un solo byte \"\\0\" si un atacante responde a un aviso con una respuesta de una longitud cuidadosamente elegida. El efecto puede variar desde una corrupci\u00f3n en la regi\u00f3n heap hasta una corrupci\u00f3n en la regi\u00f3n stack dependiendo de la estructura de la biblioteca de Kerberos subyacente, con efectos desconocidos pero posiblemente incluyendo una ejecuci\u00f3n de c\u00f3digo. Esta ruta de c\u00f3digo no es usada para una autenticaci\u00f3n normal, sino solo cuando la biblioteca de Kerberos realiza una sugerencia suplementaria, tal y como con PKINIT o cuando se utiliza la opci\u00f3n de configuraci\u00f3n no_prompt PAM no est\u00e1ndar."}], "id": "CVE-2020-10595", "lastModified": "2020-04-04T00:15:23.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-31T13:15:13.130", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/03/31/1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/rra/pam-krb5/commit/e7879e27a37119fad4faf133a9f70bdcdc75d760"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00000.html"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4314-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4648"}, {"source": "cve@mitre.org", "url": "https://www.eyrie.org/~eagle/software/pam-krb5/security/2020-03-30.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Russ Allbery for reporting this issue.", "bugzilla": {"description": "pam_krb5: incorrect input handling results in single byte buffer overflow which may lead to heap corruption", "id": "1816536", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816536"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-20->CWE-122", "details": ["pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option.", "A flaw was found during prompting initiated by the Kerberos library, where an attacker who enters a response exactly as long as the length of the buffer provided by the underlying Kerberos library, causes pam-krb5 to write a single null byte past the end of that buffer. This flaw results in heap corruption or a single-byte overwrite of another stack variable, with unknown consequences."], "name": "CVE-2020-10595", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "pam_krb5", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "pam_krb5", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "pam_krb5", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2020-03-31T03:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-10595\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10595\nhttps://www.eyrie.org/~eagle/software/pam-krb5/security/2020-03-30.html"], "statement": "This issue does not affect the versions of pam_krb5 package shipped with Red Hat Products (https://pagure.io/pam_krb5)", "threat_severity": "Moderate", "upstream_fix": "pam-krb5 4.9"}