OESA-2023-1116

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1116
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1116.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2023-1116
Upstream
Published
2023-02-24T11:04:57Z
Modified
2025-08-12T05:18:52.728201Z
Summary
gssntlmssp security update
Details

Implementing the GSSAPI mechanism of NTLMSSP.

Security Fix(es):

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if ntlm_str_convert() were to fail, which would leave outlen uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main gss_accept_sec_context entry point. This issue is fixed in version 1.2.0.(CVE-2023-25564)

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main gss_accept_sec_context entry point. This will likely trigger an assertion failure in free, causing a denial-of-service. This issue is fixed in version 1.2.0.(CVE-2023-25565)

GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the av_pair is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main gss_accept_sec_context entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0.(CVE-2023-25567)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / gssntlmssp

Package

Name
gssntlmssp
Purl
pkg:rpm/openEuler/gssntlmssp&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.0-9.oe1

Ecosystem specific 

{
    "src": [
        "gssntlmssp-0.7.0-9.oe1.src.rpm"
    ],
    "aarch64": [
        "gssntlmssp-debuginfo-0.7.0-9.oe1.aarch64.rpm",
        "gssntlmssp-0.7.0-9.oe1.aarch64.rpm",
        "gssntlmssp-devel-0.7.0-9.oe1.aarch64.rpm",
        "gssntlmssp-help-0.7.0-9.oe1.aarch64.rpm",
        "gssntlmssp-debugsource-0.7.0-9.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "gssntlmssp-debuginfo-0.7.0-9.oe1.x86_64.rpm",
        "gssntlmssp-help-0.7.0-9.oe1.x86_64.rpm",
        "gssntlmssp-0.7.0-9.oe1.x86_64.rpm",
        "gssntlmssp-debugsource-0.7.0-9.oe1.x86_64.rpm",
        "gssntlmssp-devel-0.7.0-9.oe1.x86_64.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / gssntlmssp

Package

Name
gssntlmssp
Purl
pkg:rpm/openEuler/gssntlmssp&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.0-9.oe1

Ecosystem specific 

{
    "src": [
        "gssntlmssp-0.7.0-9.oe1.src.rpm"
    ],
    "aarch64": [
        "gssntlmssp-debuginfo-0.7.0-9.oe1.aarch64.rpm",
        "gssntlmssp-0.7.0-9.oe1.aarch64.rpm",
        "gssntlmssp-debugsource-0.7.0-9.oe1.aarch64.rpm",
        "gssntlmssp-devel-0.7.0-9.oe1.aarch64.rpm",
        "gssntlmssp-help-0.7.0-9.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "gssntlmssp-debugsource-0.7.0-9.oe1.x86_64.rpm",
        "gssntlmssp-devel-0.7.0-9.oe1.x86_64.rpm",
        "gssntlmssp-help-0.7.0-9.oe1.x86_64.rpm",
        "gssntlmssp-0.7.0-9.oe1.x86_64.rpm",
        "gssntlmssp-debuginfo-0.7.0-9.oe1.x86_64.rpm"
    ]
}

openEuler:22.03-LTS / gssntlmssp

Package

Name
gssntlmssp
Purl
pkg:rpm/openEuler/gssntlmssp&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.0-10.oe2203sp1

Ecosystem specific 

{
    "src": [
        "gssntlmssp-0.7.0-9.oe2203.src.rpm",
        "gssntlmssp-0.7.0-10.oe2203sp1.src.rpm"
    ],
    "aarch64": [
        "gssntlmssp-debugsource-0.7.0-9.oe2203.aarch64.rpm",
        "gssntlmssp-0.7.0-9.oe2203.aarch64.rpm",
        "gssntlmssp-help-0.7.0-9.oe2203.aarch64.rpm",
        "gssntlmssp-debuginfo-0.7.0-9.oe2203.aarch64.rpm",
        "gssntlmssp-devel-0.7.0-9.oe2203.aarch64.rpm",
        "gssntlmssp-debuginfo-0.7.0-10.oe2203sp1.aarch64.rpm",
        "gssntlmssp-help-0.7.0-10.oe2203sp1.aarch64.rpm",
        "gssntlmssp-debugsource-0.7.0-10.oe2203sp1.aarch64.rpm",
        "gssntlmssp-0.7.0-10.oe2203sp1.aarch64.rpm",
        "gssntlmssp-devel-0.7.0-10.oe2203sp1.aarch64.rpm"
    ],
    "x86_64": [
        "gssntlmssp-help-0.7.0-9.oe2203.x86_64.rpm",
        "gssntlmssp-devel-0.7.0-9.oe2203.x86_64.rpm",
        "gssntlmssp-0.7.0-9.oe2203.x86_64.rpm",
        "gssntlmssp-debuginfo-0.7.0-9.oe2203.x86_64.rpm",
        "gssntlmssp-debugsource-0.7.0-9.oe2203.x86_64.rpm",
        "gssntlmssp-help-0.7.0-10.oe2203sp1.x86_64.rpm",
        "gssntlmssp-debuginfo-0.7.0-10.oe2203sp1.x86_64.rpm",
        "gssntlmssp-debugsource-0.7.0-10.oe2203sp1.x86_64.rpm",
        "gssntlmssp-0.7.0-10.oe2203sp1.x86_64.rpm",
        "gssntlmssp-devel-0.7.0-10.oe2203sp1.x86_64.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / gssntlmssp

Package

Name
gssntlmssp
Purl
pkg:rpm/openEuler/gssntlmssp&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.0-10.oe2203sp1

Ecosystem specific 

{
    "src": [
        "gssntlmssp-0.7.0-10.oe2203sp1.src.rpm"
    ],
    "aarch64": [
        "gssntlmssp-debuginfo-0.7.0-10.oe2203sp1.aarch64.rpm",
        "gssntlmssp-help-0.7.0-10.oe2203sp1.aarch64.rpm",
        "gssntlmssp-debugsource-0.7.0-10.oe2203sp1.aarch64.rpm",
        "gssntlmssp-0.7.0-10.oe2203sp1.aarch64.rpm",
        "gssntlmssp-devel-0.7.0-10.oe2203sp1.aarch64.rpm"
    ],
    "x86_64": [
        "gssntlmssp-help-0.7.0-10.oe2203sp1.x86_64.rpm",
        "gssntlmssp-debuginfo-0.7.0-10.oe2203sp1.x86_64.rpm",
        "gssntlmssp-debugsource-0.7.0-10.oe2203sp1.x86_64.rpm",
        "gssntlmssp-0.7.0-10.oe2203sp1.x86_64.rpm",
        "gssntlmssp-devel-0.7.0-10.oe2203sp1.x86_64.rpm"
    ]
}