security/krb5-*: Address CVE-2022-42898

Topic: Vulnerabilities in PAC parsing

CVE-2022-42898: integer overflow vulnerabilities in PAC parsing

SUMMARY

Three integer overflow vulnerabilities have been discovered in the MIT
krb5 library function krb5_parse_pac().

IMPACT

An authenticated attacker may be able to cause a KDC or kadmind
process to crash by reading beyond the bounds of allocated memory,
creating a denial of service. A privileged attacker may similarly be
able to cause a Kerberos or GSS application service to crash.

On a 32-bit platform, an authenticated attacker may be able to cause
heap corruption in a KDC or kadmind process, possibly leading to
remote code execution. A privileged attacker may similarly be able to
cause heap corruption in a Kerberos or GSS application service running
on a 32-bit platform.

An attacker with the privileges of a cross-realm KDC may be able to
extract secrets from a KDC process's memory by having them copied into
the PAC of a new ticket.

AFFECTED SOFTWARE

Kerberos and GSS application services using krb5-1.8 or later are
affected. kadmind in krb5-1.8 or later is affected. The krb5-1.20
KDC is affected. The krb5-1.8 through krb5-1.19 KDC is affected when
using the Samba or FreeIPA KDB modules.

REFERENCES

This announcement is posted at:

https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2022-001.txt

This announcement and related security advisories may be found on the
MIT Kerberos security advisory page at:

https://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

https://web.mit.edu/kerberos/index.html

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898

Security: CVE-2022-42898
(cherry picked from commit de40003bfd697e98cdd342e253699e83e1040961)