Bug 199212 - mit-krb5 lib vulnerability
Summary: mit-krb5 lib vulnerability
Status: RESOLVED DUPLICATE of bug 199205
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Reported: 2007-11-15 08:37 UTC by airsupply
Modified: 2007-11-16 22:12 UTC
Description airsupply 2007-11-15 08:37:22 UTC
mit-krb5 lib vulnerability
[Security Advisory]

Advisory: [AD_LAB-0713] mit-krb5 gssapi lib vulnerability
Class: Design Error
DATE: 11/9/2007
CVEID: CVE-2007-5971
Vulnerable:
	mit-krb5 All
Vendor:
	MIT
I.Synopsis

A vulnerability has been discovered in gssapi lib included in mit-krb5.

II.DETAILS:
----------
Background

The gssapi lib is a crypt lib included in mit-krb5.

Description

	There is a double free vulnerability in function gss_krb5int_make_seal_token_v3 in k5sealv3.c.
......
        if (message2->length)
            memcpy(outbuf + 16, message2->value, message2->length);

        sum.contents = outbuf + 16 + message2->length;
        sum.length = ctx->cksum_size;

        err = krb5_c_make_checksum(context, ctx->cksumtype, key,
                                   key_usage, &plain, &sum);
        zap(plain.data, plain.length);
        free(plain.data);
        plain.data = 0;
        if (err) {
            zap(outbuf,bufsize);
            /* (1) Pointer outbuf freed by function free */
            free(outbuf);
            goto error;
        }
        if (sum.length != ctx->cksum_size)
            abort();
......
    error:
        /* (2) Double free of pointer outbuf in free(outbuf) */
        free(outbuf);
        token->value = NULL;
        token->length = 0;
        return err;
    }

......
Impact
    A remote attacker may cause instability and potentially crash an application or service that uses the gssapi lib in mit-krb5.


III.CREDIT: 
----------
    Venustech AD-LAB discovered this vuln. Thanks to all Venustech AD-Lab guys.

V.DISCLAIMS:
-----------

The information in this bulletin is provided "AS IS" without warranty of any
kind. In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special damages. 

Copyright 1996-2007 VENUSTECH. All Rights Reserved. Terms of use.

VENUSTECH Security Lab 
VENUSTECH INFORMATION TECHNOLOGY CO.,LTD(http://www.venustech.com.cn)

Security
Trusted {Solution} Provider
Service
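
Added example (not part of the advisory and not MIT's code): a small C model of the error-path flow in the excerpt above, run once with the early free and once without it. The names seal, tracked_free and finish are hypothetical; tracked_free only counts release requests for the buffer, so the flawed path can be executed without corrupting the heap, and the single-owner variant is one possible correction, not the upstream patch.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for free(): it only counts release requests for the
 * watched buffer; finish() frees it exactly once, so the flawed flow is safe. */
static void *watched;
static int release_calls;

static void tracked_free(void *p)
{
    if (p != NULL && p == watched)
        release_calls++;            /* record the request, defer the real free */
    else
        free(p);
}

static int finish(void)             /* returns how often outbuf was released */
{
    int n = release_calls;
    free(watched);
    watched = NULL;
    release_calls = 0;
    return n;
}

/* flawed != 0 follows the excerpt: the checksum-failure branch frees outbuf
 * and then jumps to a label that frees it again. flawed == 0 is the
 * single-owner variant: only the error label releases the buffer. */
static int seal(int checksum_err, int flawed)
{
    unsigned char *outbuf = watched = malloc(64);
    if (outbuf == NULL)
        return -1;
    if (checksum_err) {
        memset(outbuf, 0, 64);      /* stands in for zap(outbuf, bufsize) */
        if (flawed)
            tracked_free(outbuf);   /* (1) first release */
        goto error;
    }
    return finish();                /* success: the token would own outbuf */
error:
    tracked_free(outbuf);           /* (2) release at the shared label */
    outbuf = NULL;                  /* cleared so it cannot be released again */
    return finish();
}

int main(void)
{
    return (seal(1, 1) == 2 && seal(1, 0) == 1) ? 0 : 1;
}
```

Building the real library with AddressSanitizer (-fsanitize=address) reports this class of bug as "attempting double-free" when the failing path is exercised.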
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-11-16 22:12:05 UTC

*** This bug has been marked as a duplicate of bug 199205 ***