{
"id" : "CVE-2023-3326" ,
"sourceIdentifier" : "secteam@freebsd.org" ,
"published" : "2023-06-22T17:15:44.833" ,
"lastModified" : "2023-08-01T23:15:30.827" ,
"vulnStatus" : "Modified" ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "pam_krb5 authenticates a user by essentially running kinit with the supplied password: it requests a ticket-granting ticket (TGT) from the Kerberos KDC (Key Distribution Center) over the network and treats a successful reply as proof that the password is correct. However, if no keytab is provisioned on the system, pam_krb5 has no local key with which to validate the KDC's response, and so it trusts the TGT received over the network as genuine. In a non-default FreeBSD installation that uses pam_krb5 for authentication and has no keytab provisioned, an attacker who can control both the password and the KDC responses (for example, by impersonating the KDC on the network) can return a TGT that pam_krb5 accepts as valid, allowing authentication as any user on the system. Provisioning a keytab gives pam_krb5 a key with which to verify the TGT before accepting it.\n"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 9.8 ,
"baseSeverity" : "CRITICAL"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-287"
}
]
} ,
{
"source" : "secteam@freebsd.org" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-303"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "12.4" ,
"matchCriteriaId" : "A7F6C8B0-9D75-476C-ADBA-754416FBC186"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "13.0" ,
"versionEndExcluding" : "13.1" ,
"matchCriteriaId" : "D79AAEBE-0D5A-4C9C-95FD-6287A53EE1C0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:12.4:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "24920B4D-96C0-401F-B679-BEB086760EAF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:12.4:p1:*:*:*:*:*:*" ,
"matchCriteriaId" : "3CE32730-A9F5-4E8D-BDA4-6B8232F84787"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:12.4:p2:*:*:*:*:*:*" ,
"matchCriteriaId" : "552E81DE-D409-475F-8ED0-E10A0BE43D29"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p1:*:*:*:*:*:*" ,
"matchCriteriaId" : "BA821886-B26B-47A6-ABC9-B8F70CE0ACFB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p2:*:*:*:*:*:*" ,
"matchCriteriaId" : "220629AD-32CC-4303-86AE-1DD27F0E4C65"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:13.1:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "DEEE6D52-27E4-438D-AE8D-7141320B5973"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:13.1:b1-p1:*:*:*:*:*:*" ,
"matchCriteriaId" : "66364EA4-83B1-4597-8C18-D5633B361A9C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:13.1:b2-p2:*:*:*:*:*:*" ,
"matchCriteriaId" : "EF9292DD-EFB1-4B50-A941-7485D901489F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:13.1:p1:*:*:*:*:*:*" ,
"matchCriteriaId" : "EFB18F55-4F5C-4166-9A7E-6F6617179A90"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:13.1:p2:*:*:*:*:*:*" ,
"matchCriteriaId" : "66E1C269-841F-489A-9A0A-5D145B417E0A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:13.1:p3:*:*:*:*:*:*" ,
"matchCriteriaId" : "ECF1B567-F764-45F5-A793-BEA93720F952"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:13.1:p4:*:*:*:*:*:*" ,
"matchCriteriaId" : "DAFE3F33-2C57-4B52-B658-82572607BD8C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:13.1:p5:*:*:*:*:*:*" ,
"matchCriteriaId" : "C925DF75-2785-44BD-91CA-66D29C296689"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:13.1:p6:*:*:*:*:*:*" ,
"matchCriteriaId" : "BCE2DAEC-81A5-49E9-B7E7-4F143FA6B3F7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:13.1:p7:*:*:*:*:*:*" ,
"matchCriteriaId" : "7725D503-1437-4F90-B30C-007193D5F0E1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1:*:*:*:*:*:*" ,
"matchCriteriaId" : "B536EE52-ED49-4A85-BC9D-A27828D5A961"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "A87EFA20-DD6B-41C5-98FD-A29F67D2E732"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:04.pam_krb5.asc" ,
"source" : "secteam@freebsd.org" ,
"tags" : [
"Mitigation" ,
"Vendor Advisory"
]
} ,
{
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:09.pam_krb5.asc" ,
"source" : "secteam@freebsd.org"
} ,
{
"url" : "https://security.netapp.com/advisory/ntap-20230714-0005/" ,
"source" : "secteam@freebsd.org" ,
"tags" : [
"Third Party Advisory"
]
}
]
}