Summary: | <app-crypt/mit-krb5-1.8.2: kadmind 1.6.3 crashes when a newer mit kadmin client connects to it (CVE-2010-0629)
---|---
Product: | Gentoo Security
Reporter: | Richard F. Ostrow Jr. <kshots>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | minor
CC: | kerberos, xmw
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt
Whiteboard: | B3 [glsa]
Package list: |
Runtime testing required: | ---
Bug Depends on: | 323525
Bug Blocks: |
Attachments: |
Description
Richard F. Ostrow Jr.
2010-05-29 04:08:59 UTC
Created attachment 233357: patch to the 1.6.3-r6 ebuild to apply the mit-kerberos SA patch to fix this issue
This ebuild patch (against app-crypt/mit-krb5-1.6.3-r6.ebuild) applies the SA patch in the referenced URL. The ebuild patch expects to find this SA patch in the ${FILESDIR}. Appears to work properly on my system.
Hello Richard, thanks for the report, but I had to guess category/package out of the URL (knowing something about the different kerberos implementations), please add this next time.
Michael

Kerberos herd, please provide an updated ebuild (see URL for patch)

Please file security bugs in the "Gentoo Security" product of Bugzilla (usually with component "Vulnerabilities").

(In reply to comment #3)
> Kerberos herd, please provide an updated ebuild (see URL for patch)

NACK. mit-krb5-1.6.3 should not be used anymore. It is too old and has too many security problems. Correct fix is to stabilize mit-krb5-1.8.2. I can open a stabilization bug for =app-crypt/mit-krb5-1.8.2 but would prefer if you do (as a real dev).

CVE-2010-0629 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0629): Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.

Stabilization request for app-crypt/mit-krb5-1.8.2 at bug #323525

We stabilized a fixed package via bug 323525. GLSA Vote: Yes. Added to pending glsa.

This issue was resolved and addressed in GLSA 201201-13 at http://security.gentoo.org/glsa/glsa-201201-13.xml by GLSA coordinator Sean Amoss (ackle).