idm:DL1 security update
Errata ID: AXSA:2025-11169:01
Release date:
2025/11/28 Friday - 18:54
Title:
idm:DL1 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
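The following issues have been addressed.
[Security Fix]
- kdcproxy has an issue in which, when it receives a request for a realm that has no server addresses defined, it unintentionally queries SRV records in the DNS zone matching the specified realm. As a result, a vulnerability exists that allows a remote attacker, by sending a request crafted so that its realm is one that has DNS SRV records, to carry out a server-side request forgery attack and, through it, probe the internal network topology, perform port scanning, and exfiltrate confidential data. (CVE-2025-59088)
- kdcproxy has an issue in which it consumes memory and CPU resources without limit because it does not restrict the data length of response packets on TCP connections. As a result, a vulnerability exists that allows a remote attacker, by sending crafted response packets, to carry out a denial-of-service attack (CPU and memory exhaustion). (CVE-2025-59089)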
Modularity name: idm
Stream name: DL1
Solution:
Update the packages.
CVE:
CVE-2025-59088
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected.
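A check for the `use_dns` mitigation noted above, as an added example that is not part of the advisory or of kdcproxy. It assumes the INI-style `kdcproxy.conf` layout with a `[global]` section and one section per realm; the host names, sample files and the function name `audit_kdcproxy_conf` are constructed for illustration.

```python
import configparser

# Constructed sample configurations (not taken from any real deployment).
AFFECTED_CONF = """
[global]

[EXAMPLE.COM]
kerberos = kerberos://kdc.example.com:88
"""

HARDENED_CONF = """
[global]
use_dns = false

[EXAMPLE.COM]
kerberos = kerberos://kdc.example.com:88
kpasswd = kpasswd://kdc.example.com:464
"""


def audit_kdcproxy_conf(text):
    """Return (dns_fallback_enabled, realms_with_static_servers).

    dns_fallback_enabled is True unless use_dns is explicitly false, which is
    the only state the advisory describes as unaffected by CVE-2025-59088.
    """
    cp = configparser.ConfigParser()
    cp.read_string(text)
    try:
        # A missing section or option means the default applies: DNS lookups on.
        use_dns = cp.getboolean("global", "use_dns", fallback=True)
    except ValueError:
        # An unparsable value is not an explicit "false"; report it as enabled.
        use_dns = True
    # Realms with a static "kerberos" entry never need the SRV lookup;
    # any other realm name in a request falls through to DNS when use_dns is on.
    realms = sorted(
        s for s in cp.sections()
        if s != "global" and cp.has_option(s, "kerberos")
    )
    return use_dns, realms


if __name__ == "__main__":
    for name, conf in (("affected", AFFECTED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_kdcproxy_conf(conf))
```
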
CVE-2025-59089
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copies the entire buffered stream into a new buffer on each recv() call, even when the transfer is incomplete, causing excessive memory allocation and CPU usage. Additionally, kdcproxy accepts incoming response chunks as long as the received data length is not exactly equal to the length indicated in the response header, even when individual chunks or the total buffer exceed the maximum length of a Kerberos message. This allows an attacker to send unbounded data until the connection timeout is reached (approximately 12 seconds), exhausting server memory or CPU resources. Multiple concurrent requests can cause accept queue overflow, denying service to legitimate clients.
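A bounded reader for the length-prefixed TCP reply described above, as an added example; it is not kdcproxy's code or its actual patch. It assumes the 4-byte big-endian length prefix that Kerberos uses over TCP; `MAX_REPLY`, `BoundedReply` and `read_reply` are names chosen here, and the cap value is an assumption.

```python
import socket
import struct

MAX_REPLY = 128 * 1024  # assumed cap for this example; not a value from the advisory


class ReplyTooLarge(Exception):
    """Raised when the peer declares or sends more than the allowed length."""


class BoundedReply:
    """Accumulate one reply framed as a 4-byte big-endian length plus body."""

    def __init__(self, limit=MAX_REPLY):
        self.limit = limit
        self.buf = bytearray()  # grown in place: no full copy of the stream per chunk
        self.expected = None    # total frame size, known once the header has arrived

    def feed(self, chunk):
        """Add a chunk; return the complete frame as bytes, or None if incomplete."""
        # Reject before buffering, so an oversized chunk is never stored.
        if len(self.buf) + len(chunk) > self.limit + 4:
            raise ReplyTooLarge("reply exceeds configured limit")
        self.buf += chunk
        if self.expected is None and len(self.buf) >= 4:
            (body_len,) = struct.unpack("!I", self.buf[:4])
            if body_len > self.limit:
                raise ReplyTooLarge("declared length %d exceeds limit" % body_len)
            self.expected = body_len + 4
        if self.expected is not None:
            # Overshooting the declared length is an error, not "keep reading".
            if len(self.buf) > self.expected:
                raise ReplyTooLarge("more data than the header declared")
            if len(self.buf) == self.expected:
                return bytes(self.buf)
        return None


def read_reply(sock, limit=MAX_REPLY):
    """Read exactly one framed reply from a connected stream socket."""
    reply = BoundedReply(limit)
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed before the reply was complete")
        frame = reply.feed(chunk)
        if frame is not None:
            return frame
```
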
Additional information:
N/A
Download:
SRPMS
- bind-dyndb-ldap-11.6-6.module+el8+1922+95af2a3b.src.rpm
  Size: 370.34 kB
- custodia-0.6.0-3.module+el8+1922+95af2a3b.src.rpm
  Size: 144.66 kB
- ipa-healthcheck-0.12-6.module+el8+1922+95af2a3b.src.rpm
  Size: 136.51 kB
- ipa-4.9.13-20.module+el8+1922+95af2a3b.src.rpm
  Size: 13.20 MB
- opendnssec-2.1.7-2.module+el8+1922+95af2a3b.src.rpm
  Size: 1.09 MB
- python-jwcrypto-0.5.0-2.module+el8+1922+95af2a3b.src.rpm
  Size: 79.63 kB
- python-kdcproxy-0.4-5.module+el8+1922+95af2a3b.2.src.rpm
  Size: 52.45 kB
- python-qrcode-5.3-1.module+el8+1922+95af2a3b.src.rpm
  Size: 35.47 kB
- python-yubico-1.3.2-9.1.module+el8+1922+95af2a3b.src.rpm
  Size: 50.84 kB
- pyusb-1.0.0-9.1.module+el8+1922+95af2a3b.src.rpm
  Size: 78.96 kB
- slapi-nis-0.60.0-4.module+el8+1922+95af2a3b.ML.1.src.rpm
  Size: 646.84 kB
- softhsm-2.6.0-5.module+el8+1922+95af2a3b.src.rpm
  Size: 1.03 MB
Asianux Server 8 for x86_64
- bind-dyndb-ldap-11.6-6.module+el8+1922+95af2a3b.x86_64.rpm
  Size: 127.12 kB
- bind-dyndb-ldap-debugsource-11.6-6.module+el8+1922+95af2a3b.x86_64.rpm
  Size: 114.55 kB
- custodia-0.6.0-3.module+el8+1922+95af2a3b.noarch.rpm
  Size: 32.29 kB
- ipa-client-4.9.13-20.module+el8+1922+95af2a3b.x86_64.rpm
  Size: 293.33 kB
- ipa-client-common-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
  Size: 194.69 kB
- ipa-client-epn-4.9.13-20.module+el8+1922+95af2a3b.x86_64.rpm
  Size: 192.78 kB
- ipa-client-samba-4.9.13-20.module+el8+1922+95af2a3b.x86_64.rpm
  Size: 188.31 kB
- ipa-common-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
  Size: 802.70 kB
- ipa-debugsource-4.9.13-20.module+el8+1922+95af2a3b.x86_64.rpm
  Size: 513.04 kB
- ipa-healthcheck-0.12-6.module+el8+1922+95af2a3b.noarch.rpm
  Size: 113.77 kB
- ipa-healthcheck-core-0.12-6.module+el8+1922+95af2a3b.noarch.rpm
  Size: 59.43 kB
- ipa-python-compat-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
  Size: 186.12 kB
- ipa-selinux-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
  Size: 186.63 kB
- ipa-server-4.9.13-20.module+el8+1922+95af2a3b.x86_64.rpm
  Size: 559.80 kB
- ipa-server-common-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
  Size: 627.61 kB
- ipa-server-dns-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
  Size: 202.34 kB
- ipa-server-trust-ad-4.9.13-20.module+el8+1922+95af2a3b.x86_64.rpm
  Size: 299.96 kB
- opendnssec-2.1.7-2.module+el8+1922+95af2a3b.x86_64.rpm
  Size: 472.33 kB
- opendnssec-debugsource-2.1.7-2.module+el8+1922+95af2a3b.x86_64.rpm
  Size: 406.04 kB
- python3-custodia-0.6.0-3.module+el8+1922+95af2a3b.noarch.rpm
  Size: 120.08 kB
- python3-ipaclient-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
  Size: 700.69 kB
- python3-ipalib-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
  Size: 770.69 kB
- python3-ipaserver-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
  Size: 1.68 MB
- python3-ipatests-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
  Size: 1.74 MB
- python3-jwcrypto-0.5.0-2.module+el8+1922+95af2a3b.noarch.rpm
  Size: 64.91 kB
- python3-kdcproxy-0.4-5.module+el8+1922+95af2a3b.2.noarch.rpm
  Size: 42.15 kB
- python3-pyusb-1.0.0-9.1.module+el8+1922+95af2a3b.noarch.rpm
  Size: 86.87 kB
- python3-qrcode-5.3-1.module+el8+1922+95af2a3b.noarch.rpm
  Size: 16.80 kB
- python3-qrcode-core-5.3-1.module+el8+1922+95af2a3b.noarch.rpm
  Size: 46.15 kB
- python3-yubico-1.3.2-9.1.module+el8+1922+95af2a3b.noarch.rpm
  Size: 62.22 kB
- slapi-nis-0.60.0-4.module+el8+1922+95af2a3b.ML.1.x86_64.rpm
  Size: 159.70 kB
- slapi-nis-debugsource-0.60.0-4.module+el8+1922+95af2a3b.ML.1.x86_64.rpm
  Size: 135.21 kB
- softhsm-2.6.0-5.module+el8+1922+95af2a3b.x86_64.rpm
  Size: 429.82 kB
- softhsm-debugsource-2.6.0-5.module+el8+1922+95af2a3b.x86_64.rpm
  Size: 203.52 kB
- softhsm-devel-2.6.0-5.module+el8+1922+95af2a3b.x86_64.rpm
  Size: 20.48 kB