UBUNTU-CVE-2023-3326
- Source
- https://ubuntu.com/security/CVE-2023-3326
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-3326.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-3326
- Upstream
- Published
- 2023-06-22T17:15:00Z
- Modified
- 2025-07-14T06:35:21.078975Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- - low
- Summary
- [none]
- Details
-
pamkrb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pamkrb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / libpam-krb5
Package
- Name
- libpam-krb5
- Purl
- pkg:deb/ubuntu/libpam-krb5@4.6-2ubuntu0.1~esm1?arch=source&distro=esm-infra-legacy/trusty
Ubuntu:Pro:16.04:LTS / libpam-krb5
Package
- Name
- libpam-krb5
- Purl
- pkg:deb/ubuntu/libpam-krb5@4.7-2ubuntu0.1?arch=source&distro=esm-infra/xenial
Ubuntu:Pro:16.04:LTS / sssd
Package
- Name
- sssd
- Purl
- pkg:deb/ubuntu/sssd@1.13.4-1ubuntu1.15?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.12.5-2
1.13.1-2
1.13.2-1
1.13.3-1
1.13.4-1
1.13.4-1ubuntu1
1.13.4-1ubuntu1.1
1.13.4-1ubuntu1.2
1.13.4-1ubuntu1.5
1.13.4-1ubuntu1.6
1.13.4-1ubuntu1.7
1.13.4-1ubuntu1.8
1.13.4-1ubuntu1.9
1.13.4-1ubuntu1.10
1.13.4-1ubuntu1.11
1.13.4-1ubuntu1.12
1.13.4-1ubuntu1.13
1.13.4-1ubuntu1.14
1.13.4-1ubuntu1.15
Ubuntu:Pro:18.04:LTS / libpam-krb5
Package
- Name
- libpam-krb5
- Purl
- pkg:deb/ubuntu/libpam-krb5@4.8-1ubuntu0.1?arch=source&distro=esm-infra/bionic
Ubuntu:Pro:18.04:LTS / sssd
Package
- Name
- sssd
- Purl
- pkg:deb/ubuntu/sssd@1.16.1-1ubuntu1.8?arch=source&distro=esm-infra/bionic
Ubuntu:Pro:20.04:LTS / libpam-krb5
Package
- Name
- libpam-krb5
- Purl
- pkg:deb/ubuntu/libpam-krb5@4.8-2ubuntu1?arch=source&distro=esm-infra/focal
Ubuntu:Pro:20.04:LTS / sssd
Package
- Name
- sssd
- Purl
- pkg:deb/ubuntu/sssd@2.2.3-3ubuntu0.13?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.2.0-4ubuntu1
2.2.2-1
2.2.2-1ubuntu1
2.2.3-1.1ubuntu1
2.2.3-2
2.2.3-3
2.2.3-3ubuntu0.1
2.2.3-3ubuntu0.2
2.2.3-3ubuntu0.3
2.2.3-3ubuntu0.4
2.2.3-3ubuntu0.6
2.2.3-3ubuntu0.7
2.2.3-3ubuntu0.8
2.2.3-3ubuntu0.9
2.2.3-3ubuntu0.10
2.2.3-3ubuntu0.11
2.2.3-3ubuntu0.12
2.2.3-3ubuntu0.13
Ubuntu:22.04:LTS / libpam-krb5
Package
- Name
- libpam-krb5
- Purl
- pkg:deb/ubuntu/libpam-krb5@4.11-1build1?arch=source&distro=jammy
Ubuntu:22.04:LTS / sssd
Package
- Name
- sssd
- Purl
- pkg:deb/ubuntu/sssd@2.6.3-1ubuntu3.5?arch=source&distro=jammy
Ubuntu:24.04:LTS / libpam-krb5
Package
- Name
- libpam-krb5
- Purl
- pkg:deb/ubuntu/libpam-krb5@4.11-1build3?arch=source&distro=noble
Ubuntu:24.04:LTS / sssd
Package
- Name
- sssd
- Purl
- pkg:deb/ubuntu/sssd@2.9.4-1.1ubuntu6.2?arch=source&distro=noble
Ubuntu:25.04 / libpam-krb5
Package
- Name
- libpam-krb5
- Purl
- pkg:deb/ubuntu/libpam-krb5@4.11-2?arch=source&distro=plucky