CVE-2020-10595: Buffer Overflow
First published: Tue Mar 31 2020(Updated: )
pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/libpam-krb5 | <4.8-1ubuntu0.1 | 4.8-1ubuntu0.1 |
| ubuntu/libpam-krb5 | <4.8-2ubuntu0.1 | 4.8-2ubuntu0.1 |
| ubuntu/libpam-krb5 | <4.6-2ubuntu0.1~ | 4.6-2ubuntu0.1~ |
| ubuntu/libpam-krb5 | <4.7-2ubuntu0.1 | 4.7-2ubuntu0.1 |
| debian/libpam-krb5 | 4.9-2 4.11-1 4.11-2 | |
| Red Hat PAM Krb5 | <4.9 | |
| Debian Linux | =8.0 | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2020/03/31/1
- https://github.com/rra/pam-krb5/commit/e7879e27a37119fad4faf133a9f70bdcdc75d760
- https://lists.debian.org/debian-lts-announce/2020/04/msg00000.html
- https://usn.ubuntu.com/4314-1/
- https://www.debian.org/security/2020/dsa-4648
- https://www.eyrie.org/~eagle/software/pam-krb5/security/2020-03-30.html
- https://launchpad.net/bugs/cve/CVE-2020-10595
- https://www.openwall.com/lists/oss-security/2020/03/31/1
- https://security-tracker.debian.org/tracker/CVE-2020-10595
- https://ubuntu.com/security/notices/USN-4314-1
- https://www.cve.org/CVERecord?id=CVE-2020-10595
- https://nvd.nist.gov/vuln/detail/CVE-2020-10595
- https://ubuntu.com/security/CVE-2020-10595
Frequently Asked Questions
What is the severity of CVE-2020-10595?
CVE-2020-10595 has a critical severity level due to its potential for remote code execution.
How do I fix CVE-2020-10595?
To fix CVE-2020-10595, upgrade the libpam-krb5 package to versions 4.8-1ubuntu0.1 or later for Ubuntu, or appropriate versions for Debian.
What types of systems are affected by CVE-2020-10595?
CVE-2020-10595 affects systems running versions of libpam-krb5 before 4.9, particularly on Ubuntu and Debian distributions.
How does CVE-2020-10595 exploit a vulnerability?
CVE-2020-10595 exploits a buffer overflow condition during supplemental prompting, which can lead to remote code execution.
Are there known exploits for CVE-2020-10595?
While specific exploits for CVE-2020-10595 have not been publicly disclosed, the vulnerability itself presents a high risk for exploitation.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/trending
- agent/source
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/ubuntu
- package-manager/debian
- vendor/pam-krb5 project
- canonical/red hat pam krb5
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0
- version/debian linux/9.0
- version/debian linux/10.0