ALT-PU-2020-3361-1
Closed vulnerabilities
Published: 2023-06-26
BDU:2023-03437
Уязвимость реализации сетевого протокола Kerberos операционных систем Debian GNU/Linux, Red Hat Enterprise Linux, Ubuntu, Fedora, Альт 8 СП, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-11-06
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-28196
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd
- https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [debian-lts-announce] 20201107 [SECURITY] [DLA 2437-1] krb5 security update
- [debian-lts-announce] 20201107 [SECURITY] [DLA 2437-1] krb5 security update
- FEDORA-2020-0df38b2843
- FEDORA-2020-0df38b2843
- FEDORA-2020-32193cbbe6
- FEDORA-2020-32193cbbe6
- FEDORA-2020-27b577ab23
- FEDORA-2020-27b577ab23
- GLSA-202011-17
- GLSA-202011-17
- https://security.netapp.com/advisory/ntap-20201202-0001/
- https://security.netapp.com/advisory/ntap-20201202-0001/
- https://security.netapp.com/advisory/ntap-20210513-0002/
- https://security.netapp.com/advisory/ntap-20210513-0002/
- DSA-4795
- DSA-4795
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html