Summary: | app-crypt/mit-krb5-1.9.4 : "check_1_6_dummy()" Denial of Service Weakness (CVE-2012-{1012,1013}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | kerberos |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://secunia.com/advisories/49346/ | | |
Whiteboard: | B3 [glsa?] | | |
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-06-05 14:00:03 UTC
+*mit-krb5-1.10.2 (05 Jun 2012)
+
+ 05 Jun 2012; Eray Aslan <eras@gentoo.org> +mit-krb5-1.10.2.ebuild:
+ security bump - bug #419765
+

@security. We can stabilize =app-crypt/mit-krb5-1.10.2. But there are some keywords missing. Please see bug #412489. Thanks, Eray.

Given the administrator requirement I think we're ok waiting for bug 412489.

CVE-2012-1013 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1013): The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.

CVE-2012-1012 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1012): server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.

+*mit-krb5-1.9.4 (23 Jun 2012)
+
+ 23 Jun 2012; Eray Aslan <eras@gentoo.org> +mit-krb5-1.9.4.ebuild:
+ security bump - bug #419765
+

@security: mit-krb5-1.9.4 is released with the fix. We might want to stabilize =app-crypt/mit-krb5-1.9.4 - which has all the keywords - instead of waiting for mit-krb5-1.10.2.

Thanks Eras. Arches, please test and mark stable: =app-crypt/mit-krb5-appl-1.9.4
Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

amd64 stable

x86 stable

Improvements in the test suite over the old stable.

Stable for HPPA.

alpha/arm/ia64/s390/sh/sparc stable

ppc stable

@ppc64, you will continue in bug 429324

@security, please vote. Thanks, everyone.

GLSA Vote: no.

Vote: NO, closing noglsa.