CVE-2020-10595

Published: 31/03/2020 Updated: 04/04/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

pam-krb5 prior to 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option.
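The off-by-one described above, reduced to its bounds check, as an added example that is not pam-krb5's own code. `struct reply_buf`, `flawed_accepts` and `store_response` are hypothetical names, and the buffer layout (a caller-supplied buffer of `length` bytes) is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a library-owned reply buffer: `data` points to
 * `length` writable bytes supplied by the caller. */
struct reply_buf {
    size_t length;
    char *data;
};

/* Flawed acceptance test: a response exactly as long as the buffer passes,
 * so its terminator would land at data[length], one byte past the end.
 * Only the predicate is shown; nothing is written. Returns 1 if accepted. */
int flawed_accepts(const struct reply_buf *reply, const char *resp)
{
    return strlen(resp) <= reply->length;
}

/* Corrected store: the response plus its terminating '\0' must fit.
 * Returns 0 on success, -1 if rejected (buffer left untouched). */
int store_response(struct reply_buf *reply, const char *resp)
{
    size_t len;

    if (reply == NULL || reply->data == NULL || resp == NULL)
        return -1;
    len = strlen(resp);
    if (len >= reply->length)     /* also rejects a zero-length buffer */
        return -1;
    memcpy(reply->data, resp, len);
    reply->data[len] = '\0';      /* len <= length - 1, so in bounds */
    reply->length = len;          /* assumption: report the bytes used */
    return 0;
}

int main(void)
{
    char buf[8];
    struct reply_buf r = { sizeof buf, buf };
    const char *exact = "12345678";   /* constructed: 8 chars, same as buffer */

    printf("flawed check accepts: %d\n", flawed_accepts(&r, exact));
    printf("corrected store:      %d\n", store_response(&r, exact));
    return 0;
}
```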

Vulnerable Product

pam-krb5 project pam-krb5

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

pam-krb5 could be made to execute arbitrary code if it received a specially crafted response ...
Russ Allbery discovered a buffer overflow in the PAM module for MIT Kerberos, which could result in denial of service or potentially the execution of arbitrary code. For the oldstable distribution (stretch), this problem has been fixed in version 4.7-4+deb9u1. For the stable distribution (buster), this problem has been fixed in version 4.8-2+deb10u ...
A heap-based one-byte out-of-bounds write has been found in pam-krb5 before 4.9. During prompting initiated by the Kerberos library, an attacker who enters a response exactly as long as the length of the buffer provided by the underlying Kerberos library will cause pam-krb5 to write a single nul byte past the end of that buffer. The effect of this ...