Summary: | <app-crypt/mit-krb5-{1.8.3-r3,1.9-r1}: Multiple DoS vulnerabilities (CVE-2010-4022,CVE-2011-{0281,0282,0283,0284}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | eras |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt | ||
Whiteboard: | C3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Alex Legler (RETIRED)
2011-01-26 19:46:28 UTC
Upstream notes that the disclosure of CVE-2011-0281 might already happen before Feb 08 as the trigger is already semi-public. Eray, do you want to prepare an updated ebuild for prestabling? These issues are 'just' DoS in special configurations, that might not warrant the effort, but with likely 12 days of time left, it might still be worth pursuing. Let me know, and I'll request the patches.

Aye, if you can get the patches, I am all for updating the ebuild. Thanks.

+*mit-krb5-1.9-r1 (08 Feb 2011)
+*mit-krb5-1.8.3-r3 (08 Feb 2011)
+
+  08 Feb 2011; Eray Aslan <eras@gentoo.org> +mit-krb5-1.8.3-r3.ebuild,
+  +files/mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch,
+  +mit-krb5-1.9-r1.ebuild, +files/CVE-2010-4022.patch,
+  +files/CVE-2011-0281.0282.0283.patch:
+  Security bump - bug #352859

These issues are now public:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt

(In reply to comment #3)
> +*mit-krb5-1.9-r1 (08 Feb 2011)
> +*mit-krb5-1.8.3-r3 (08 Feb 2011)
> +

Thank you, Eray. Are we ok to stabilize =app-crypt/mit-krb5-1.8.3-r3?

(In reply to comment #4)
> Are we ok to stabilize =app-crypt/mit-krb5-1.8.3-r3?

Yes, =app-crypt/mit-krb5-1.8.3-r3 is OK for stabilization. Sorry, should have mentioned it in my comment above.

(In reply to comment #5)
> (In reply to comment #4)
> > Are we ok to stabilize =app-crypt/mit-krb5-1.8.3-r3?
>
> Yes, =app-crypt/mit-krb5-1.8.3-r3 is OK for stabilization. Sorry, should have
> mentioned it in my comment above.
>

Thanks and no problem.

Arches, please test and mark stable:
=app-crypt/mit-krb5-1.8.3-r3
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

amd64 ok

amd64 done. Thanks Agostino

ppc/ppc64 stable

x86 stable

alpha/arm/ia64/m68k/s390/sh/sparc stable

Stable for HPPA.

Thanks, folks. GLSA Vote: Yes. GLSA with #323525.
- CVE-2011-0284 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0284): Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.
- CVE-2011-0283 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0283): The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.
- CVE-2011-0282 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0282): The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.
- CVE-2011-0281 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0281): The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.
- CVE-2010-4022 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4022): The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KDC) via unspecified vectors.
This issue was resolved and addressed in GLSA 201201-13 at http://security.gentoo.org/glsa/glsa-201201-13.xml by GLSA coordinator Sean Amoss (ackle).