61412 2004-08-23 11:37 0000 app-crypt/heimdal ftpd Signal Handling Vulnerabilities 2004-09-22 21:31:48 0000 1 1 1 Unclassified Gentoo Linux Security 2004.1 All All RESOLVED FIXED http://secunia.com/advisories/12320/ B0 [glsa] jaervosz P2 blocker --- 1 jaervosz@gentoo.org security@gentoo.org aliz@gentoo.org jgonzalez.openinput@gmail.com rphillips@gentoo.org jaervosz@gentoo.org 2004-08-23 11:37:21 0000 Description: Przemyslaw Frasunek has reported some vulnerabilities in Heimdal ftpd, which potentially can be exploited by malicious users to gain escalated privileges or compromise a vulnerable system. The vulnerabilities are caused due to various race condition errors within the out-of-band signal handling code. Successful exploitation may allow execution of FTP commands or arbitrary code with the privileges of the ftpd process. This has been reported in version 0.6.2. Other versions may also be affected. Solution: Use another FTP service. jaervosz@gentoo.org 2004-08-23 11:41:37 0000 *** Bug 60850 has been marked as a duplicate of this bug. *** jaervosz@gentoo.org 2004-08-23 11:43:04 0000 Only reported by Secunia placing in upstream status. jaervosz@gentoo.org 2004-08-27 12:29:33 0000 More vulnerabilites with OOB commands: http://www.securityfocus.com/archive/1/372963/2004-08-16/2004-08-22/0 Still nothing upstream. lyz27@yahoo.com 2004-09-03 13:09:15 0000 Osvdb is listing this vuln as unstable. http://www.osvdb.org/displayvuln.php?osvdb_id=8994 From their site: This means this vulnerability is lacking proper or complete infomation, and is in queue for processing by either a Data Mangler or Moderator. lyz27@yahoo.com 2004-09-09 12:38:52 0000 Here's the result of an e-mail sent to the maintainer Tom Lynema <lyz27@yahoo.com> writes: > Hello, > > Could you please tell us at gentoo about the status of the vulnerability > that is described here http://bugs.gentoo.org/show_bug.cgi?id=61412 . A patch exists and is part of the latest snapshot of heimdal-0.6 branch and the upcoming 0.6.3 release. ftp://ftp.pdc.kth.se/pub/heimdal/snapshots/heimdal-0.6.3rc2.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/snapshots/heimdal-0.6-20040906.tar.gz Love jaervosz@gentoo.org 2004-09-09 13:01:54 0000 Correct links are: ftp://ftp.pdc.kth.se/pub/heimdal/src/snapshots/heimdal-0.6.3rc2.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/src/snapshots/heimdal-0.6-20040906.tar.gz lyz27@yahoo.com 2004-09-10 07:31:23 0000 I sent the devs a message concerning the next release of the package and got this reply. >>There's an rc3 now also, unless there's something coming up, I will >>call it 0.6.3 soon. >>/Johan ftp://ftp.pdc.kth.se/pub/heimdal/src/snapshots/heimdal-0.6.3rc3.tar.gz lyz27@yahoo.com 2004-09-13 05:56:02 0000 Version 0.6.3 is out. ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz This fixes the vuln. jaervosz@gentoo.org 2004-09-13 06:34:55 0000 aliz, rphillips please bump to newest version ASAP. http://www.pdc.kth.se/heimdal/advisory/2004-09-13/ vorlon@gentoo.org 2004-09-13 08:26:28 0000 A DoS also seems to have been fixed in this version. Sounds to me like the second vulnerability mentioned in GLSA 200409-09 for mit-krb5 (bug #62417). The changelog contains among other things: "2004-09-05 Love H vorlon@gentoo.org 2004-09-13 08:26:28 0000 A DoS also seems to have been fixed in this version. Sounds to me like the second vulnerability mentioned in GLSA 200409-09 for mit-krb5 (bug #62417). The changelog contains among other things: "2004-09-05 Love Hörnquist Åstrand <lha@it.su.se> * lib/asn1/der_get.c (decode_enumerated): check that the tag length isn't longer the the length " Announcement for Heimdal 0.6.3: http://news.gmane.org/gmane.comp.encryption.kerberos.heimdal.announce Recent reports claim that Heimdal release 0.6.3 has been spotted at: ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz The main attraction is a fix for the remote ftpd vulnerability, as found in all Berkeley derived variants. Changes in release 0.6.3 * fix vulnerabilities in ftpd * support for linux AFS /proc "syscalls" * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in kpasswdd * fix possible KDC denial of service * bug fixes Love, Assar, Jacques, and Johan koon@gentoo.org 2004-09-13 08:59:41 0000 Thanks to dragonheart we now have a 0.6.3 ebuild, committed as -* Jose Gonzalez Gomez helps with basic testing so that we can hand this later to arches for more arch-specific keywords. jgonzalez.openinput@gmail.com 2004-09-13 10:06:22 0000 It seems the ebuild has some eclass missing in the inherit clause, either flag-o-matic or ccc. When I compile it I get the following error: /usr/sbin/ebuild.sh: line 58: append-ldflags: command not found The compile process continues, but with limited testing, it seems that it isn't working properly. I have manually added ccc (vorlon078 in #gentoo-security suggested this) to the inherit clause, and recompiling it, to see if that makes any difference. Now I have to leave, If I have time I'll try to test it later. If I can't I'll have a hard time to test it tomorrow, as I have a quite busy day. vorlon@gentoo.org 2004-09-13 10:17:06 0000 Jose stated that the heimdal compiles when ignore the append-ldflags error, "but it seems it isn't working properly". Inheriting flag-o-matic, so that append-ldflags is known, leads to an error during configure. Inheriting ccc seems to compile at least, but I guess it shouldn't be needed. rphillips@gentoo.org 2004-09-13 11:02:22 0000 I added inherit flag-o-matic to the 0.6.3 ebuild and the package configured and installed ok. Portage 2.0.50-r5 (default-x86-2004.0, gcc-3.3.2, glibc-2.3.2-r9, 2.6.6) ================================================================= System uname: 2.6.6 i686 AMD Athlon(tm) XP 2100+ Gentoo Base System version 1.4.10 distcc 2.13 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] Autoconf: sys-devel/autoconf-2.58-r1 Automake: sys-devel/automake-1.8.3 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-O2 -march=athlon-xp -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.2/share/config /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=athlon-xp -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs ccache sandbox" GENTOO_MIRRORS="http://gentoo.oregonstate.edu http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X apm arts avi berkdb cdr crypt cups encode esd foomaticdb gdbm gif gnome gpm gtk gtk2 imlib java jpeg kde ldap libg++ libwww mad mikmod motif mozilla mpeg mysql ncurses nls oggvorbis opengl oss pam pdflib perl png python qt quicktime readline ruby sdl slang spell ssl svga tcltk tcpd tetex truetype x86 xml2 xmms xv zlib" rphillips@gentoo.org 2004-09-13 12:02:56 0000 After a bit more testing, I've ran into the same problem as Matthias. solar@gentoo.org 2004-09-13 14:02:44 0000 The ebuild is incorrect. The append-ldflags -Wl,-z is probably supposed to be append-ldflags -Wl,-z,now solar@gentoo.org 2004-09-13 14:05:01 0000 Created an attachment (id=39529) heimdal-0.6.3.ebuild.diff The ebuild should probably look like this attachment. jaervosz@gentoo.org 2004-09-13 14:28:25 0000 Compiles fine with patch from comment #17 solar@gentoo.org 2004-09-13 15:00:11 0000 ok great. Few more touchups needed for init scripts then I can commit this. Jose is working on the initscripts patches and should be posting them here shortly. jgonzalez.openinput@gmail.com 2004-09-13 15:16:17 0000 Progress on this bug: 1. Compiled successfully with patch submitted by solar. 2. heimdal-kadmind and heimdal-kpasswdd have incorrect references to /usr/libexec instead of new location, /usr/sbin 3. The ebuild had an incorrect configure option: with-open-ldap instead of with-openldap Once this was fixed the ebuild compiled successfuly, and the kerberos kdc works as expected. Some comments, to be improved: 1. Files in /etc/conf.d should be created to be able to configure heimdal daemons 2. heimdal-kadmind daemon fails to start due to missing /var/heimdal/kdc.conf. The location of this file may be indicated with a command line option (look #1). Should we put this file in under /etc? I think the ebuild is usable with the patches, but it should incorporate those improvements in later versions. jgonzalez.openinput@gmail.com 2004-09-13 15:18:08 0000 Created an attachment (id=39533) heimdal-0.6.3.ebuild.patch Inlcudes patches made by solar jgonzalez.openinput@gmail.com 2004-09-13 15:19:15 0000 Created an attachment (id=39534) heimdal-kadmind.patch In files directory jgonzalez.openinput@gmail.com 2004-09-13 15:20:02 0000 Created an attachment (id=39535) heimdal-kpasswdd.patch In files directory jgonzalez.openinput@gmail.com 2004-09-13 15:21:17 0000 Another thing to remember about this... if kadmind doesn't find config file in default location, it fails to start, but the init script thinks that kadmind started correctly, so the service is left in started state. This should be also fixed. solar@gentoo.org 2004-09-13 15:46:15 0000 Commited to portage. KEYWORDS="~x86 ~sparc ~ppc ~alpha ~ia64 ~amd64 ~hppa ~mips" Ready for arch testing. solar@gentoo.org 2004-09-13 19:54:43 0000 Arch maintainers please test and mark stable. jaervosz@gentoo.org 2004-09-13 23:10:27 0000 Thx Solar and Jose Arches please test and mark stable ASAP. This is a possible remote root exploit. jhuebel@gentoo.org 2004-09-14 09:36:41 0000 stable on amd64 pvdabeel@gentoo.org 2004-09-14 17:27:28 0000 ppc stable weeve@gentoo.org 2004-09-14 17:32:42 0000 Stable on sparc jaervosz@gentoo.org 2004-09-14 21:45:07 0000 ***bump*** x86 please mark stable ASAP this is a remote root exploit ***bump*** jaervosz@gentoo.org 2004-09-15 10:01:50 0000 There's another problem with heimdal: it presently conflicts with mit-krb5. jaervosz@gentoo.org 2004-09-15 10:01:50 0000 There's another problem with heimdal: it presently conflicts with mit-krb5.  See bug #47138 It would be good for somebody to look at the Debian mit-krb5 and heimdal packages to see how they manage the conflicting files. Regards, Aron gmsoft@gentoo.org 2004-09-15 12:08:25 0000 Stable on hppa. jgonzalez.openinput@gmail.com 2004-09-15 13:18:27 0000 Sune: Those conflicts shouldn't be managed at all... mit-krb and heimdal are different implementations of the same thing, so they simply shouldn't be installed at the same time. This ebuild provides and is blocked by virtual/krb5. The problem is that there are a lot of packages that depend on mit-krb5 instead of virtual/krb5, and somehow they got installed at the same time... maybe some older version of the ebuilds that didn't include the virtual/krb5 stuff? jaervosz@gentoo.org 2004-09-15 13:33:51 0000 Yeah my bad, it was quickly noticed on -dev: > There's another problem with heimdal: it presently conflicts with > mit-krb5. jaervosz@gentoo.org 2004-09-15 13:33:51 0000 Yeah my bad, it was quickly noticed on -dev: > There's another problem with heimdal: it presently conflicts with > mit-krb5.  See bug 47138 I guess this a problem of the past. Both packages provide virtual/krb5 and block each other this way. Carsten tester@gentoo.org 2004-09-15 14:57:55 0000 stable on x86 kloeri@gentoo.org 2004-09-15 15:44:48 0000 Stable on alpha. jaervosz@gentoo.org 2004-09-16 02:48:11 0000 GLSA 200409-19 ia64 and mips don't forget to mark stable to benifit from the GLSA. kumba@gentoo.org 2004-09-20 12:31:52 0000 mips stable. 39529 2004-09-13 14:05 0000 heimdal-0.6.3.ebuild.diff heimdal-0.6.3.ebuild.diff text/plain SW5kZXg6IGhlaW1kYWwtMC42LjMuZWJ1aWxkCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KUkNTIGZpbGU6IC92YXIvY3Zz cm9vdC9nZW50b28teDg2L2FwcC1jcnlwdC9oZWltZGFsL2hlaW1kYWwtMC42LjMuZWJ1aWxkLHYK cmV0cmlldmluZyByZXZpc2lvbiAxLjEKZGlmZiAtdSAtYiAtQiAtdyAtcCAtcjEuMSBoZWltZGFs LTAuNi4zLmVidWlsZAotLS0gaGVpbWRhbC0wLjYuMy5lYnVpbGQJMTMgU2VwIDIwMDQgMTU6NDA6 MzQgLTAwMDAJMS4xCisrKyBoZWltZGFsLTAuNi4zLmVidWlsZAkxMyBTZXAgMjAwNCAyMTowMzox NSAtMDAwMApAQCAtMiw3ICsyLDcgQEAKICMgRGlzdHJpYnV0ZWQgdW5kZXIgdGhlIHRlcm1zIG9m IHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2MgogIyAkSGVhZGVyOiAvdmFyL2N2c3Jv b3QvZ2VudG9vLXg4Ni9hcHAtY3J5cHQvaGVpbWRhbC9oZWltZGFsLTAuNi4zLmVidWlsZCx2IDEu MSAyMDA0LzA5LzEzIDE1OjQwOjM0IGRyYWdvbmhlYXJ0IEV4cCAkCiAKLWluaGVyaXQgbGlidG9v bCBldXRpbHMKK2luaGVyaXQgbGlidG9vbCBldXRpbHMgZmxhZy1vLW1hdGljCiAKIERFU0NSSVBU SU9OPSJLZXJiZXJvcyA1IGltcGxlbWVudGF0aW9uIGZyb20gS1RIIgogU1JDX1VSST0iZnRwOi8v ZnRwLnBkYy5rdGguc2UvcHViL2hlaW1kYWwvc3JjLyR7UH0udGFyLmd6IgpAQCAtNTUsNyArNTUs NyBAQCBzcmNfY29tcGlsZSgpIHsKIAogCXVzZSBsZGFwICYmIG15Y29uZj0iJHtteWNvbmZ9IC0t d2l0aC1vcGVuLWxkYXA9L3VzciIKIAotCWFwcGVuZC1sZGZsYWdzIC1XbCwtegorCWFwcGVuZC1s ZGZsYWdzIC1XbCwteixub3cKIAllY29uZiAke215Y29uZn0gfHwgZGllICJlY29uZiBmYWlsZWQi CiAJZW1ha2UJCXx8IGRpZQogCg== 39533 2004-09-13 15:18 0000 heimdal-0.6.3.ebuild.patch patch.txt text/plain LS0tIC9yb290L3RtcC9oZWltZGFsL2hlaW1kYWwtMC42LjMuZWJ1aWxkICAgICAgMjAwNC0wOS0x MyAxNzo0MDozNC4wMDAwMDAwMDAgKzAyMDAKKysrIGhlaW1kYWwtMC42LjMuZWJ1aWxkICAgICAg ICAyMDA0LTA5LTEzIDIzOjQ0OjUyLjY3NjU2MDU4OSArMDIwMApAQCAtMiw3ICsyLDcgQEAKICMg RGlzdHJpYnV0ZWQgdW5kZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGlj ZW5zZSB2MgogIyAkSGVhZGVyOiAvdmFyL2N2c3Jvb3QvZ2VudG9vLXg4Ni9hcHAtY3J5cHQvaGVp bWRhbC9oZWltZGFsLTAuNi4zLmVidWlsZCx2IDEuMSAyMDA0LzA5LzEzIDE1OjQwOjM0IGRyYWdv bmhlYXJ0IEV4cCAkCgotaW5oZXJpdCBsaWJ0b29sIGV1dGlscworaW5oZXJpdCBsaWJ0b29sIGV1 dGlscyBmbGFnLW8tbWF0aWMKCiBERVNDUklQVElPTj0iS2VyYmVyb3MgNSBpbXBsZW1lbnRhdGlv biBmcm9tIEtUSCIKIFNSQ19VUkk9ImZ0cDovL2Z0cC5wZGMua3RoLnNlL3B1Yi9oZWltZGFsL3Ny Yy8ke1B9LnRhci5neiIKQEAgLTUzLDkgKzUzLDkgQEAKICAgICAgICAgICAgICAgICYmIG15Y29u Zj0iJHtteWNvbmZ9IC0td2l0aC1rcmI0IC0td2l0aC1rcmI0LWNvbmZpZz0vdXNyL2F0aGVuYS9i aW4va3JiNC1jb25maWciIFwKICAgICAgICAgICAgICAgIHx8IG15Y29uZj0iJHtteWNvbmZ9IC0t d2l0aG91dC1rcmI0IgoKLSAgICAgICB1c2UgbGRhcCAmJiBteWNvbmY9IiR7bXljb25mfSAtLXdp dGgtb3Blbi1sZGFwPS91c3IiCisgICAgICAgdXNlIGxkYXAgJiYgbXljb25mPSIke215Y29uZn0g LS13aXRoLW9wZW5sZGFwPS91c3IiCgotICAgICAgIGFwcGVuZC1sZGZsYWdzIC1XbCwtegorICAg ICAgIGFwcGVuZC1sZGZsYWdzIC1XbCwteixub3cKICAgICAgICBlY29uZiAke215Y29uZn0gfHwg ZGllICJlY29uZiBmYWlsZWQiCiAgICAgICAgZW1ha2UgICAgICAgICAgIHx8IGRpZQogCg== 39534 2004-09-13 15:19 0000 heimdal-kadmind.patch patch.txt text/plain LS0tIC9yb290L3RtcC9oZWltZGFsL2ZpbGVzL2hlaW1kYWwta2FkbWluZCAgICAgMjAwNC0wOS0x MyAxNzo0MDozNC4wMDAwMDAwMDAgKzAyMDAKKysrIGZpbGVzL2hlaW1kYWwta2FkbWluZCAgICAg ICAyMDA0LTA5LTEzIDIzOjMzOjAzLjcwNjAwMDQ1OSArMDIwMApAQCAtMTksNiArMTksNiBAQAog c3RvcCgpIHsKICAgICAgICBlYmVnaW4gIlN0b3BwaW5nIGhlaW1kYWwga2FkbWluZCIKICAgICAg ICBzdGFydC1zdG9wLWRhZW1vbiAtLXN0b3AgLS1xdWlldCAtLWV4ZWMgXAotICAgICAgICAgICAg ICAgL3Vzci9saWJleGVjL2thZG1pbmQKKyAgICAgICAgICAgICAgIC91c3Ivc2Jpbi9rYWRtaW5k CiAgICAgICAgZWVuZCAkPwogfQo= 39535 2004-09-13 15:20 0000 heimdal-kpasswdd.patch patch.txt text/plain LS0tIC9yb290L3RtcC9oZWltZGFsL2ZpbGVzL2hlaW1kYWwta3Bhc3N3ZGQgICAgMjAwNC0wOS0x MyAxNzo0MDozNC4wMDAwMDAwMDAgKzAyMDAKKysrIGZpbGVzL2hlaW1kYWwta3Bhc3N3ZGQgICAg ICAyMDA0LTA5LTEzIDIzOjMzOjE5LjE3Njk3MzY4NiArMDIwMApAQCAtMTksNiArMTksNiBAQAog c3RvcCgpIHsKICAgICAgICBlYmVnaW4gIlN0b3BwaW5nIGhlaW1kYWwga3Bhc3N3ZGQiCiAgICAg ICAgc3RhcnQtc3RvcC1kYWVtb24gLS1zdG9wIC0tcXVpZXQgLS1leGVjIFwKLSAgICAgICAgICAg ICAgIC91c3IvbGliZXhlYy9rcGFzc3dkZAorICAgICAgICAgICAgICAgL3Vzci9zYmluL2twYXNz d2RkCiAgICAgICAgZWVuZCAkPwogfQo=