640808 – (CVE-2017-17439) <app-crypt/heimdal-7.5.0 Remote unauthenticated DoS

Bug 640808 (CVE-2017-17439) - <app-crypt/heimdal-7.5.0 Remote unauthenticated DoS

Summary: <app-crypt/heimdal-7.5.0 Remote unauthenticated DoS

Status:	RESOLVED FIXED

Alias:	CVE-2017-17439

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://cve.mitre.org/cgi-bin/cvename...
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-12-12 09:07 UTC by Eray Aslan
Modified:	2018-04-22 22:46 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	=app-crypt/heimdal-7.5.0
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Eray Aslan gentoo-dev

2017-12-12 09:07:09 UTC

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.

See also: https://github.com/heimdal/heimdal/issues/353

Comment 1 Eray Aslan gentoo-dev

2017-12-12 09:13:23 UTC

Arches, please test and mark stable
=app-crypt/heimdal-7.5.0

TARGET KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd"

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2017-12-12 16:36:36 UTC

x86 stable

Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev

2017-12-13 07:42:55 UTC

ppc/ppc64 stable

Comment 4 Agostino Sarubbo gentoo-dev

2017-12-14 20:28:09 UTC

amd64 stable

Comment 5 Markus Meier gentoo-dev

2017-12-21 19:27:58 UTC

arm stable

Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev

2017-12-28 22:03:03 UTC

ia64 stable

Comment 7 Tobias Klausmann (RETIRED) gentoo-dev

2018-01-29 08:34:01 UTC

Stable on alpha.

Comment 8 Matt Turner gentoo-dev

2018-04-22 22:41:00 UTC

hppa stable

Comment 9 Larry the Git Cow gentoo-dev

2018-04-22 22:46:00 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8d3108007a97d63ba6eebd5f279ad56cf2d314d

commit b8d3108007a97d63ba6eebd5f279ad56cf2d314d
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-22 22:45:09 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-22 22:45:52 +0000

    app-crypt/heimdal: drop vulnerable
    
    Bug: https://bugs.gentoo.org/640808
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 app-crypt/heimdal/Manifest             |   1 -
 app-crypt/heimdal/heimdal-7.4.0.ebuild | 173 ---------------------------------
 2 files changed, 174 deletions(-)}

Comment 10 Aaron Bauman (RETIRED) gentoo-dev

2018-04-22 22:46:36 UTC

GLSA Vote: No