Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-5344.NASL
HistoryFeb 09, 2023 - 12:00 a.m.

Debian DSA-5344-1 : heimdal - security update

2023-02-0900:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
debian 11
heimdal
security update
logic inversion
buffer overflow

0.01 Low

EPSS

Percentile

83.7%

JSON

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5344 advisory.

  • The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding != 0 comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. (CVE-2022-45142)

  • A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. (CVE-2022-3437)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5344. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(171237);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/21");

  script_cve_id("CVE-2022-3437", "CVE-2022-45142");

  script_name(english:"Debian DSA-5344-1 : heimdal - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dsa-5344 advisory.

  - The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug
    by adding != 0 comparisons to the result of memcmp. When these patches were backported to the
    heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in
    causing the validation of message integrity codes in gssapi/arcfour to be inverted. (CVE-2022-45142)

  - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and
    unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI
    library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a
    maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the
    application, possibly resulting in a denial of service (DoS) attack. (CVE-2022-3437)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030849");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/heimdal");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2023/dsa-5344");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-3437");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-45142");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/heimdal");
  script_set_attribute(attribute:"solution", value:
"Upgrade the heimdal packages.

For the stable distribution (bullseye), this problem has been fixed in version 7.7.0+dfsg-2+deb11u3.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-45142");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:heimdal-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:heimdal-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:heimdal-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:heimdal-kcm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:heimdal-kdc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:heimdal-multidev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:heimdal-servers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libasn1-8-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgssapi3-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libhcrypto4-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libhdb9-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libheimbase1-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libheimntlm0-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libhx509-5-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libkadm5clnt7-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libkadm5srv8-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libkafs0-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libkdc2-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libkrb5-26-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libotp0-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libroken18-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsl0-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwind0-heimdal");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '11.0', 'prefix': 'heimdal-clients', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'heimdal-dev', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'heimdal-docs', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'heimdal-kcm', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'heimdal-kdc', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'heimdal-multidev', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'heimdal-servers', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libasn1-8-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libgssapi3-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libhcrypto4-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libhdb9-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libheimbase1-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libheimntlm0-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libhx509-5-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libkadm5clnt7-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libkadm5srv8-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libkafs0-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libkdc2-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libkrb5-26-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libotp0-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libroken18-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libsl0-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'libwind0-heimdal', 'reference': '7.7.0+dfsg-2+deb11u3'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'heimdal-clients / heimdal-dev / heimdal-docs / heimdal-kcm / etc');
}
VendorProductVersionCPE
debiandebian_linuxheimdal-clientsp-cpe:/a:debian:debian_linux:heimdal-clients
debiandebian_linuxheimdal-devp-cpe:/a:debian:debian_linux:heimdal-dev
debiandebian_linuxheimdal-docsp-cpe:/a:debian:debian_linux:heimdal-docs
debiandebian_linuxheimdal-kcmp-cpe:/a:debian:debian_linux:heimdal-kcm
debiandebian_linuxheimdal-kdcp-cpe:/a:debian:debian_linux:heimdal-kdc
debiandebian_linuxheimdal-multidevp-cpe:/a:debian:debian_linux:heimdal-multidev
debiandebian_linuxheimdal-serversp-cpe:/a:debian:debian_linux:heimdal-servers
debiandebian_linuxlibasn1-8-heimdalp-cpe:/a:debian:debian_linux:libasn1-8-heimdal
debiandebian_linuxlibgssapi3-heimdalp-cpe:/a:debian:debian_linux:libgssapi3-heimdal
debiandebian_linuxlibhcrypto4-heimdalp-cpe:/a:debian:debian_linux:libhcrypto4-heimdal
Rows per page:
1-10 of 241

Related

nvd 2
prion 2
debian 6
nessus 37
redhatcve 2
cvelist 2
openvas 39
cve 2
ubuntucve 2
debiancve 2
alpinelinux 2
mageia 3
osv 13
redos 2
veracode 2
ubuntu 5
cloudfoundry 2
wolfi 1
cbl_mariner 3
cgr 1
ibm 2
freebsd 2
samba 1
altlinux 1
f5 1
slackware 1
vulnrichment 1
fedora 6
cisa 1
gentoo 2
freebsd_advisory 1
ics 1
apple 1
avleonov 1
nvd
nvd
CVE-2022-45142
2023-03-06 23:15:11
CVE-2022-3437
2023-01-12 15:15:10
prion
prion
Design/Logic Flaw
2023-03-06 23:15:00
Heap overflow
2023-01-12 15:15:00
debian
debian
[SECURITY] [DLA 3311-1] heimdal security update
2023-02-08 11:57:40
[SECURITY] [DSA 5344-1] heimdal security update
2023-02-08 12:46:12
[SECURITY] [DSA 5647-1] samba security update
2024-03-24 20:22:16
nessus
nessus
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Heimdal vulnerabilities (USN-5849-1)
2023-02-08 00:00:00
Debian DLA-3311-1 : heimdal - LTS security update
2023-02-08 00:00:00
CBL Mariner 2.0 Security Update: heimdal (CVE-2022-45142)
2023-03-28 00:00:00
redhatcve
redhatcve
CVE-2022-45142
2023-02-09 13:26:48
CVE-2022-3437
2022-10-26 14:23:02
cvelist
cvelist
CVE-2022-45142
2023-03-06 00:00:00
CVE-2022-3437
2023-01-12 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5344-1)
2023-02-09 00:00:00
Mageia: Security Advisory (MGASA-2023-0098)
2023-03-28 00:00:00
Debian: Security Advisory (DLA-3311-1)
2023-02-09 00:00:00
cve
cve
CVE-2022-45142
2023-03-06 23:15:11
CVE-2022-3437
2023-01-12 15:15:10
ubuntucve
ubuntucve
CVE-2022-3437
2022-10-27 00:00:00
CVE-2022-45142
2023-02-08 00:00:00
debiancve
debiancve
CVE-2022-45142
2023-03-06 23:15:11
CVE-2022-3437
2023-01-12 15:15:10
alpinelinux
alpinelinux
CVE-2022-45142
2023-03-06 23:15:11
CVE-2022-3437
2023-01-12 15:15:10
mageia
mageia
Updated heimdal packages fix security vulnerability
2023-03-19 01:16:28
Updated samba packages fix security vulnerability
2023-01-24 10:58:24
Updated heimdal packages fix security vulnerability
2022-12-17 21:48:08
osv
osv
CVE-2022-45142
2023-03-06 23:15:11
heimdal vulnerabilities
2023-02-08 13:11:59
heimdal - security update
2023-02-08 00:00:00
redos
redos
ROS-20230417-02
2023-04-17 00:00:00
ROS-20230324-01
2023-03-24 00:00:00
veracode
veracode
Business Logic Errors
2023-02-11 03:32:58
Buffer Overflow
2022-11-07 07:28:09
ubuntu
ubuntu
Heimdal vulnerabilities
2023-02-08 00:00:00
Heimdal vulnerabilities
2023-01-12 00:00:00
Samba vulnerabilities
2023-03-08 00:00:00
cloudfoundry
cloudfoundry
USN-5849-1: Heimdal vulnerabilities | Cloud Foundry
2023-02-24 00:00:00
USN-5800-1: Heimdal vulnerabilities | Cloud Foundry
2023-02-01 00:00:00
wolfi
wolfi
CVE-2022-45142 vulnerabilities
2024-07-03 09:08:38
cbl_mariner
cbl_mariner
CVE-2022-45142 affecting package heimdal 7.7.1-1
2023-04-07 04:59:28
CVE-2022-45142 affecting package heimdal for versions less than 7.7.1-2
2023-03-24 23:56:03
CVE-2022-3437 affecting package samba 4.12.5-6
2024-07-03 03:08:37
cgr
cgr
CVE-2022-45142 vulnerabilities
2024-05-19 03:07:16
ibm
ibm
Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2022-3437)
2023-03-07 16:41:57
Security Bulletin: CVE-2022-45142, CVE-2022-4304, CVE-2022-4450 and CVE-2023-0215 may affect IBM CICS TX Advanced 10.1
2023-06-22 17:23:47
freebsd
freebsd
samba -- buffer overflow in Heimdal unwrap_des3()
2022-08-02 00:00:00
FreeBSD -- Multiple vulnerabilities in Heimdal
2022-11-15 00:00:00
samba
samba
Buffer overflow in Heimdal unwrap_des3()
2022-10-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.16.6-alt1
2022-10-27 00:00:00
f5
f5
K000133223 : Samba vulnerability CVE-2022-3437
2023-03-28 00:00:00
slackware
slackware
[slackware-security] samba
2022-10-25 18:53:43
vulnrichment
vulnrichment
CVE-2022-3437
2023-01-12 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: samba-4.17.2-2.fc37
2022-11-10 22:53:16
[SECURITY] Fedora 36 Update: samba-4.16.6-0.fc36
2022-10-27 12:20:52
[SECURITY] Fedora 35 Update: samba-4.15.12-0.fc35
2022-12-02 06:21:54
cisa
cisa
Samba Releases Security UpdatesΒ 
2022-10-26 00:00:00
gentoo
gentoo
Heimdal: Multiple Vulnerabilities
2023-10-08 00:00:00
Samba: Multiple Vulnerabilities
2023-09-17 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-22:14.heimdal
2022-11-15 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
apple
apple
About the security content of macOS Ventura 13
2022-10-24 00:00:00
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13

0.01 Low

EPSS

Percentile

83.7%

JSON
Related for DEBIAN_DSA-5344.NASL
nvd2prion2debian6nessus37redhatcve2cvelist2openvas39cve2ubuntucve2debiancve2alpinelinux2mageia3osv13redos2veracode2ubuntu5cloudfoundry2wolfi1cbl_mariner3cgr1ibm2freebsd2samba1altlinux1f51slackware1vulnrichment1fedora6cisa1gentoo2freebsd_advisory1ics1apple1avleonov1