Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 183338

Summary: app-crypt/mit-krb5 uninitialized pointer free, integer conversion, stack buffer overflow (CVE-2007-{2442|2443|2798})
Product: Gentoo Security Reporter: Heath Caldwell (RETIRED) <hncaldwell>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: critical CC: henson, kerberos
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.us-cert.gov/cas/techalerts/TA07-177A.html
Whiteboard: B0? [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Heath Caldwell (RETIRED) gentoo-dev 2007-06-26 23:11:37 UTC 
* VU#356961 - MIT Kerberos RPC library gssrpc__svcauth_gssapi() uninitialized pointer free vulnerability
      A vulnerability in the MIT Kerberos administration daemon (kadmind) may allow an uninitialized pointer to be freed, which may allow a remote, unauthenticated user to execute arbitrary code. This vulnerability can be triggered by sending a specially crafted Kerberos message to a vulnerable system.

    * VU#365313 - MIT Kerberos kadmind RPC library gssrpc__svcauth_unix() integer conversion error
      An integer conversion error vulnerability exists in the MIT Kerberos kadmind that may allow a remote, unauthenticated user to execute arbitrary code.

    * VU#554257 - MIT Kerberos kadmind principal renaming stack buffer overflow
      A stack buffer overflow exists in the way the MIT Kerberos kadmind handles the principle renaming operation, which may allow a remote, authenticated user to execute arbitrary code.


Reproducible: Didn't try

Steps to Reproduce:




May also be related to:
CVE-2007-2442 krb5 RPC library unitialized pointer free,                                                                                                                                              
CVE-2007-2443 krb5 RPC library stack overflow, and  
CVE-2007-2798 krb5 kadmind buffer overflow,
which are still under review.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-28 04:50:12 UTC 
Kerberos please provide the updated ebuild.
Comment 2 Seemant Kulleen (RETIRED) gentoo-dev 2007-07-03 14:48:03 UTC 
mit-krb5-1.5.2-r3 and mit-krb5-1.5.3 both solve this bug.

Please stable both, if possible.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-15 07:43:49 UTC 
Sorry for calling arches SO late, I've been out of the loop for a few weeks.

Arches please test and mark stable mit-krb5-1.5.2-r3 or mit-krb5-1.5.3. Target keywords are:

"alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86"
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2007-07-15 13:09:26 UTC 
alpha/ia64/x86 stable
Comment 5 Steve Dibb (RETIRED) gentoo-dev 2007-07-15 16:28:36 UTC 
amd64 stable
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2007-07-15 21:02:06 UTC 
ppc stable
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2007-07-16 07:18:55 UTC 
Both stable for HPPA.
Comment 8 Gustavo Zacarias (RETIRED) gentoo-dev 2007-07-16 12:08:17 UTC 
sparc stable.
Comment 9 Markus Rothe (RETIRED) gentoo-dev 2007-07-16 18:58:12 UTC 
=app-crypt/mit-krb5-1.5.3 stable on ppc64
Comment 10 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-07-25 22:32:00 UTC 
GLSA 200707-11, thanks to everybody !