CVE-2023-25565

7.5 HIGH

📋 TL;DR

CVE-2023-25565 is a denial-of-service vulnerability in GSS-NTLMSSP, a GSSAPI plugin for NTLM authentication. An incorrect free operation when decoding target information can trigger an assertion failure in the free function, causing affected applications to crash. Systems using GSS-NTLMSSP for authentication prior to version 1.2.0 are vulnerable.

💻 Affected Systems

Products:
  • GSS-NTLMSSP
Versions: All versions prior to 1.2.0
Operating Systems: Linux, Unix-like systems using GSSAPI with NTLM authentication
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where GSS-NTLMSSP is installed and used for NTLM authentication via GSSAPI.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service for any service using GSS-NTLMSSP authentication, potentially affecting critical authentication infrastructure and causing widespread service disruption.

🟠 Likely Case

Targeted denial-of-service attacks against specific services using NTLM authentication via GSSAPI, causing service crashes and authentication failures.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring; crashes would be detected and services could be automatically restarted.

🌐 Internet-Facing: MEDIUM - Services exposed to the internet using GSS-NTLMSSP could be targeted for DoS, but exploitation requires specific authentication contexts.
🏢 Internal Only: MEDIUM - Internal services using GSS-NTLMSSP could be exploited by authenticated users or attackers who gain internal access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - The vulnerability is triggered through the standard gss_accept_sec_context entry point.

Exploitation requires the ability to send NTLM authentication requests to a vulnerable service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.0

Vendor Advisory: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg

Restart Required: Yes

Instructions:

1. Download GSS-NTLMSSP version 1.2.0 or later from GitHub releases.
2. Follow the standard build and installation procedure for your distribution.
3. Restart any services using GSS-NTLMSSP.

🔧 Temporary Workarounds

Disable NTLM authentication (Linux)

Disable NTLM authentication in services using GSSAPI if Kerberos or another authentication method is available.

# Configuration depends on the specific service using GSSAPI

🧯 If You Can't Patch

  • Implement network segmentation to limit access to services using GSS-NTLMSSP
  • Deploy monitoring and automated restart mechanisms for affected services

🔍 How to Verify

Check if Vulnerable:

Check whether GSS-NTLMSSP is installed and whether its version is below 1.2.0, using your package manager or by inspecting the installed library files.

Check Version:

pkg-config --modversion gss-ntlmssp || find /usr -name '*gss-ntlmssp*' -type f | xargs strings | grep -i version

Verify Fix Applied:

Verify GSS-NTLMSSP version is 1.2.0 or higher and test NTLM authentication functionality.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with assertion failures in free() function
  • Authentication service restarts
  • Segmentation fault errors in system logs

Network Indicators:

  • Multiple failed NTLM authentication attempts followed by service unavailability

SIEM Query:

(source="*auth.log*" OR source="*syslog*") AND ("segmentation fault" OR "assertion failure" OR "free()") AND "gss"
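The version check under "How to Verify" and the log indicators above, as an added POSIX shell example (not code from the advisory or the gss-ntlmssp project): it compares the installed version numerically against 1.2.0 rather than as a string, and counts local log lines matching the same condition the SIEM query expresses. The rpm and dpkg package names are assumptions.

```shell
# Added example for CVE-2023-25565; not code from the gss-ntlmssp project or
# the advisory. The rpm/dpkg package names below are assumptions.

# version_lt A B: exit 0 when dotted version A is numerically older than B,
# so "1.10.0" is newer than "1.2.0" (a string compare gets that wrong).
# Leading text ("gssntlmssp-") and release suffixes ("-1.fc38") are stripped.
version_lt() {
    a=$(printf '%s' "$1" | sed 's/^[^0-9]*//; s/[^0-9.].*//')
    b=$(printf '%s' "$2" | sed 's/^[^0-9]*//; s/[^0-9.].*//')
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s.0.0.0' "$a" | cut -d. -f"$i")
        y=$(printf '%s.0.0.0' "$b" | cut -d. -f"$i")
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        i=$((i + 1))
    done
    return 1
}

FIXED_VERSION=1.2.0   # first release carrying the fix, per the advisory

# Exit 0 when the given gss-ntlmssp version string is still affected.
gss_ntlmssp_is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# Print the installed version via pkg-config, else rpm (assumed package name
# "gssntlmssp") or dpkg (assumed package name "gss-ntlmssp"); exit 1 if none.
installed_gss_ntlmssp_version() {
    v=$(pkg-config --modversion gss-ntlmssp 2>/dev/null) \
      || v=$(rpm -q --qf '%{VERSION}' gssntlmssp 2>/dev/null) \
      || v=$(dpkg-query -W -f '${Version}' gss-ntlmssp 2>/dev/null) \
      || return 1
    printf '%s\n' "$v"
}

# Count lines in a local log that match the card's crash indicators and also
# mention gss: the same condition the SIEM query expresses.
count_crash_indicators() {
    grep -iE 'segmentation fault|assertion|free\(\)' "$1" | grep -ic 'gss' || true
}

if [ "${1:-}" = "--check" ]; then
    if v=$(installed_gss_ntlmssp_version); then
        if gss_ntlmssp_is_vulnerable "$v"; then echo "VULNERABLE: gss-ntlmssp $v"
        else echo "fixed: gss-ntlmssp $v"; fi
    else echo "gss-ntlmssp not found"; fi
fi
```

Run with `--check` on a host to classify the installed version, or call `count_crash_indicators /var/log/auth.log` to scan a log.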
