CVE-2022-2469 GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client

This issue is present in the libgsasl library and does not affect libsasl. libgsasl is not enabled by default and needs to be enabled by setting GSASL_LIB to non-zero value in environment variable. For example: Linux: export GSASL_LIB=1 Windows: set GSASL_LIB=1 If libgsasl is enabled by setting GSASL_LIB, then sasl_interactive_redirect() function can be used by client to send a connection to a particular URI. If the client is malicious and has valid credentials, then it can send a connection to a malicious server to read out-of-bounds. In such a case, the server can respond with a server-side read-out-of-bounds. REPOSTED FIX: libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client This has been fixed in libsasl 2.1.16, libgsasl 2.0.13 and libgsasl 1.0.21. --------------------------

References:

- http://msdn.microsoft.com/en-us/library/windows/desktop/ms687398(v=vs.85).aspx
- https://github.com/libgsasl/libgsasl
- http://searchsecurityspace.techtarget.com/definition/CVE-2022-2469

libgsasl server-side read-out-of-bounds with non-malicious authenticated GSS-API client

This has been fixed in libsasl 2.1.16, libgsasl 2.0.13 and libgsasl 1.0.21. --------------------------

libsasl Server-Side Out-Of-Bounds

This issue was discovered in libgsasl 1.0.21 and has been fixed in later versions of libgsasl. A malicious authenticated GSS-API client can send a connection to the server and read out-of-bounds by sending an invalid token using sasl_interactive_redirect(). The server will return an error with the text: "Internal error: rector stack overflow" if it is configured to allow such errors. --------------------------

libgsasl Server-side Remote Read-Out-of-Bounds

A vulnerability has been discovered in libgsasl which can be exploited by malicious authenticated GSS-API client to read out-of-bounds.
This vulnerability is present in the libgsasl library, but does not affect libsasl.
To fix this issue, please upgrade your libgsasl and libsasl libraries to version 2.1.16, 2.0.13 or 1.0.21 respectively.

Timeline

Published on: 07/19/2022 16:15:00 UTC
Last modified on: 07/27/2022 22:38:00 UTC

References

• https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2469.json
• https://gitlab.com/gsasl/gsasl/-/commit/796e4197f696261c1f872d7576371232330bcc30
• https://www.debian.org/security/2022/dsa-5189
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2469