CVE-2019-12098

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html Mailing List Third Party Advisory
http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html Patch Vendor Advisory
https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf Patch Third Party Advisory
https://github.com/heimdal/heimdal/compare/3e58559...bbafe72 Patch Third Party Advisory
https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0 Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/
https://seclists.org/bugtraq/2019/Jun/1 Mailing List Third Party Advisory
https://www.debian.org/security/2019/dsa-4455 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html Mailing List Third Party Advisory
http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html Patch Vendor Advisory
https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf Patch Third Party Advisory
https://github.com/heimdal/heimdal/compare/3e58559...bbafe72 Patch Third Party Advisory
https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0 Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/
https://seclists.org/bugtraq/2019/Jun/1 Mailing List Third Party Advisory
https://www.debian.org/security/2019/dsa-4455 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:22

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html - Mailing List, Third Party Advisory
References () http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html - Patch, Vendor Advisory () http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html - Patch, Vendor Advisory
References () https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf - Patch, Third Party Advisory () https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf - Patch, Third Party Advisory
References () https://github.com/heimdal/heimdal/compare/3e58559...bbafe72 - Patch, Third Party Advisory () https://github.com/heimdal/heimdal/compare/3e58559...bbafe72 - Patch, Third Party Advisory
References () https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0 - Third Party Advisory () https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0 - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/ -
References () https://seclists.org/bugtraq/2019/Jun/1 - Mailing List, Third Party Advisory () https://seclists.org/bugtraq/2019/Jun/1 - Mailing List, Third Party Advisory
References () https://www.debian.org/security/2019/dsa-4455 - Third Party Advisory () https://www.debian.org/security/2019/dsa-4455 - Third Party Advisory

07 Nov 2023, 03:03

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/', 'name': 'FEDORA-2019-2fa7d6405b', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/', 'name': 'FEDORA-2019-f3046b6bfb', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/ -

Information

Published : 2019-05-15 23:29

Updated : 2024-11-21 04:22


NVD link : CVE-2019-12098

Mitre link : CVE-2019-12098

CVE.ORG link : CVE-2019-12098


JSON object : View

Products Affected

opensuse

  • backports_sle
  • leap

debian

  • debian_linux

heimdal_project

  • heimdal

fedoraproject

  • fedora