Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 191301

Summary: app-crypt/mit-krb5 < 1.5.3-r1 multiple vulnerabilities (CVE-2007-3999, CVE-2007-4000)
Product: Gentoo Security Reporter: Heath Caldwell (RETIRED) <hncaldwell>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: gentoobugs, henson, kerberos, lkml_ccc
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B0 [glsa] vorlon
Package list:
Runtime testing required: ---
Attachments:
Description Flags
Revised patch.
none
sparc64 emerge --info none

Description Heath Caldwell (RETIRED) gentoo-dev 2007-09-04 21:23:49 UTC
MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer

[CVE-2007-3999] An unauthenticated remote user may be able to cause a
host running kadmind to execute arbitrary code.

[CVE-2007-4000] An authenticated user with "modify policy" privilege
may be able to cause a host running kadmind to execute arbitrary code.

See:  http://www.securityfocus.com/archive/1/478544

Reproducible: Always

Steps to Reproduce:
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-05 11:03:12 UTC
*** Bug 191356 has been marked as a duplicate of this bug. ***
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-05 11:08:32 UTC
kerberos, please advise.
Comment 3 Seemant Kulleen (RETIRED) gentoo-dev 2007-09-05 13:13:29 UTC
I think I have some patches laying around for this fix.  Will report back.
Comment 4 Heath Caldwell (RETIRED) gentoo-dev 2007-09-05 21:00:59 UTC
Created attachment 130116 [details, diff]
Revised patch.

See http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-006.txt

"...
The patch for CVE-2007-3999 has been revised; the patch originally
released for svc_auth_gss.c allowed a 32-byte overflow.  Depending
on the compilation environment and machine architecture, this may or
may not be a significant continued vulnerability.  The new patch
below correctly checks the buffer length.
..."
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-06 07:45:44 UTC
*** Bug 191444 has been marked as a duplicate of this bug. ***
Comment 6 Seemant Kulleen (RETIRED) gentoo-dev 2007-09-07 06:27:36 UTC
thanks for that Heath.  New ebuild is 1.5.3-r1.

Arch teams can feel free to do what they need to.
Comment 7 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-07 07:52:57 UTC
Thanks Seemant. Arches, please test and mark stable. Target keywords are:
"alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2007-09-07 09:47:39 UTC
Stable for HPPA.
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2007-09-07 11:39:54 UTC
alpha/ia64/x86 stable
Comment 10 Tobias Scherbaum (RETIRED) gentoo-dev 2007-09-07 14:52:50 UTC
ppc stable
Comment 11 Chris Gianelloni (RETIRED) gentoo-dev 2007-09-07 18:18:39 UTC
amd64 done
Comment 12 Markus Rothe (RETIRED) gentoo-dev 2007-09-08 08:05:48 UTC
ppc64 stable
Comment 13 Jorge Manuel B. S. Vicetto Gentoo Infrastructure gentoo-dev 2007-09-09 03:57:12 UTC
mit-krb5-1.5.3-r1 emerged fine here on sparc64 with both:
app-crypt/mit-krb5-1.5.3-r1 (ipv6 tcl)
app-crypt/mit-krb5-1.5.3-r1
Comment 14 Jorge Manuel B. S. Vicetto Gentoo Infrastructure gentoo-dev 2007-09-09 03:59:26 UTC
Created attachment 130389 [details]
sparc64 emerge --info
Comment 15 Matthias Geerdsen (RETIRED) gentoo-dev 2007-09-10 18:48:08 UTC
security:
GLSA drafted and ready for review

sparc team, please test and mark stable
Comment 16 Jeroen Roovers (RETIRED) gentoo-dev 2007-09-11 03:17:47 UTC
Stable for SPARC.
Comment 17 Matthias Geerdsen (RETIRED) gentoo-dev 2007-09-11 20:04:56 UTC
GLSA 200709-01

thanks everyone