Vulnerability Name:

CVE-2021-36222 (CCN-206318)

Assigned: 2021-07-12
Published: 2021-07-12
Updated: 2021-11-28
Summary: ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-476
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2021-36222

Source: XF
Type: UNKNOWN
mit-cve202136222-dos(206318)

Source: CCN
Type: krb5 GIT Repository
Fix KDC null deref on bad encrypted challenge

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/krb5/krb5/releases

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20211022-0003/

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20211104-0007/

Source: MISC
Type: Not Applicable
https://web.mit.edu/kerberos/advisories/

Source: DEBIAN
Type: Third Party Advisory
DSA-4944

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Source: CCN
Type: Oracle CPUOct2021
Oracle Critical Patch Update Advisory - October 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-36222

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:mit:kerberos_5:*:*:*:*:*:*:*:* (Version < 1.18.4)
  • OR cpe:/a:mit:kerberos_5:*:*:*:*:*:*:*:* (Version >= 1.19.0 and < 1.19.2)

Configuration 2:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
  • OR cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
  • OR cpe:/a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:snapcenter:-:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/a:oracle:mysql_server:*:*:*:*:*:*:*:* (Version >= 8.0.0 and <= 8.0.26)

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:mit:kerberos_5:1.18:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:8045 | P | ocaml-4.05.0-13.5 on GA media (Moderate) | 2023-06-20 |
| oval:org.opensuse.security:def:7543 | P | krb5-1.20.1-150500.1.2 on GA media (Moderate) | 2023-06-12 |
| oval:org.opensuse.security:def:7983 | P | wireshark-devel-3.6.13-150000.3.89.1 on GA media (Moderate) | 2023-06-12 |
| oval:org.opensuse.security:def:757 | P | Security update for the Linux Kernel (Important) | 2022-09-14 |
| oval:org.opensuse.security:def:6143 | P | Security update for perl-HTTP-Daemon (Moderate) | 2022-08-23 |
| oval:org.opensuse.security:def:3658 | P | Security update for mokutil (Moderate) | 2022-08-03 |
| oval:org.opensuse.security:def:3471 | P | dbus-1-glib-0.100.2-3.58 on GA media (Moderate) | 2022-06-28 |
| oval:org.opensuse.security:def:3483 | P | eog-3.20.4-7.7 on GA media (Moderate) | 2022-06-28 |
| oval:org.opensuse.security:def:2963 | P | krb5-1.19.2-150400.1.9 on GA media (Moderate) | 2022-06-22 |
| oval:org.opensuse.security:def:94593 | P | krb5-1.19.2-150400.1.9 on GA media (Moderate) | 2022-06-22 |
| oval:org.opensuse.security:def:94583 | P | ipsec-tools-0.8.2-5.35 on GA media (Moderate) | 2022-06-22 |
| oval:org.opensuse.security:def:95113 | P | krb5-plugin-kdb-ldap-1.19.2-150400.1.9 on GA media (Moderate) | 2022-06-22 |
| oval:org.opensuse.security:def:127300 | P | Security update for SUSE Manager Client Tools (Important) | 2022-06-20 |
| oval:org.opensuse.security:def:125737 | P | Security update for SUSE Manager Client Tools (Important) | 2022-06-20 |
| oval:org.opensuse.security:def:6077 | P | Security update for SUSE Manager Client Tools (Important) | 2022-06-20 |
| oval:org.opensuse.security:def:126903 | P | Security update for SUSE Manager Client Tools (Important) | 2022-06-20 |
| oval:org.opensuse.security:def:102173 | P | Security update for SUSE Manager Client Tools (Moderate) | 2022-04-25 |
| oval:org.opensuse.security:def:95361 | P | Security update for icedtea-web (Important) | 2022-04-19 |
| oval:org.opensuse.security:def:99724 | P | (Important) | 2022-03-29 |
| oval:org.opensuse.security:def:99480 | P | (Critical) | 2022-02-08 |
| oval:org.opensuse.security:def:102309 | P | Security update for samba (Critical) | 2022-02-08 |
| oval:org.opensuse.security:def:100744 | P | (Critical) | 2022-02-08 |
| oval:org.opensuse.security:def:99742 | P | (Critical) | 2022-02-08 |
| oval:org.opensuse.security:def:1685 | P | Security update for samba (Critical) | 2022-02-08 |
| oval:org.opensuse.security:def:100072 | P | (Critical) | 2022-02-08 |
| oval:org.opensuse.security:def:935 | P | Security update for samba (Critical) | 2022-02-08 |
| oval:org.opensuse.security:def:101627 | P | Security update for samba (Critical) | 2022-02-08 |
| oval:org.opensuse.security:def:99206 | P | (Critical) | 2022-02-08 |
| oval:org.opensuse.security:def:1757 | P | Security update for samba (Critical) | 2022-02-08 |
| oval:org.opensuse.security:def:102246 | P | Security update for samba (Critical) | 2022-02-08 |
| oval:org.opensuse.security:def:100410 | P | (Critical) | 2022-02-08 |
| oval:org.opensuse.security:def:42332 | P | Security update for samba (Critical) | 2022-02-08 |
| oval:org.opensuse.security:def:1586 | P | Security update for samba (Critical) | 2022-02-08 |
| oval:org.opensuse.security:def:102146 | P | Security update for samba (Critical) | 2022-02-08 |
| oval:org.opensuse.security:def:112519 | P | krb5-1.19.2-2.2 on GA media (Moderate) | 2022-01-17 |
| oval:org.opensuse.security:def:100034 | P | (Important) | 2021-12-22 |
| oval:org.opensuse.security:def:93278 | P | (Important) | 2021-12-06 |
| oval:org.opensuse.security:def:102074 | P | Security update for postgresql13 (Important) | 2021-11-22 |
| oval:org.opensuse.security:def:106010 | P | krb5-1.19.2-2.2 on GA media (Moderate) | 2021-10-01 |
| oval:com.redhat.rhsa:def:20213576 | P | RHSA-2021:3576: krb5 security update (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:111022 | P | Security update for krb5 (Important) | 2021-08-23 |
| oval:org.opensuse.security:def:75970 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:8827 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:99525 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:117476 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:109420 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:91988 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:66902 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:10326 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:98938 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:92774 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:1622 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:69716 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:76300 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:9022 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:118516 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:92183 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:67232 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:101488 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:73682 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:102754 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:99133 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:107962 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:92972 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:69915 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:102198 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:64560 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:9576 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:42112 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:92376 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:69072 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:73869 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:99326 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:108740 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:93125 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:70466 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:64747 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:9775 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:101296 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:5813 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:96064 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:111679 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:92575 | P | Security update for krb5 (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:69134 | P | Security update for krb5 (Important) | 2021-08-20 |
    mit kerberos 5 *
    mit kerberos 5 *
    debian debian linux 10.0
    netapp active iq unified manager -
    netapp active iq unified manager -
    netapp oncommand insight -
    netapp oncommand workflow automation -
    netapp snapcenter -
    oracle mysql server *
    mit kerberos 5 1.18
    ibm cloud pak for security 1.7.2.0