Bug 458712 (CVE-2013-1415)

Summary: <app-crypt/mit-krb5-1.11.1: PKINIT null pointer deref (CVE-2013-1415)
Product: Gentoo Security
Reporter: Eray Aslan <eras>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: kerberos
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://mailman.mit.edu/pipermail/kerberos-announce/2013q1/000142.html
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---

Description Eray Aslan gentoo-dev 2013-02-22 11:02:53 UTC
PKINIT null pointer deref [CVE-2013-1415]
Don't dereference a null pointer when cleaning up.

The KDC plugin for PKINIT can dereference a null pointer when a
malformed packet causes processing to terminate early, leading to
a crash of the KDC process.  An attacker would need to have a valid
PKINIT certificate or have observed a successful PKINIT authentication,
or an unauthenticated attacker could execute the attack if anonymous
PKINIT is enabled.

CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C


This bug has been present since the initial import of PKINIT for 1.6.3; all later releases are affected.
Comment 1 Eray Aslan gentoo-dev 2013-02-22 11:09:32 UTC
+*mit-krb5-1.11.1 (22 Feb 2013)
+
+  22 Feb 2013; Eray Aslan <eras@gentoo.org> +mit-krb5-1.11.1.ebuild:
+  Security bump - bug #458712
+

@security: We can stabilize =app-crypt/mit-krb5-1.11.1.  But please note that a bunch of keywords are missing (see bug #412489).  Thanks.
Comment 2 Eray Aslan gentoo-dev 2013-03-03 19:00:24 UTC
As requested by Ago on IRC:

Arches, please test and mark stable =app-crypt/mit-krb5-1.11.1.   Thank you.

Target keywords:
alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos
Comment 3 Agostino Sarubbo gentoo-dev 2013-03-03 19:03:20 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2013-03-03 19:04:22 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-03-03 19:05:13 UTC
ppc stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-03-03 19:08:20 UTC
ppc64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-03-03 19:43:32 UTC
arm stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-03-03 19:45:45 UTC
alpha stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-03-03 20:08:33 UTC
ia64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-03-03 20:28:04 UTC
s390 stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-03-03 20:43:00 UTC
sparc stable
Comment 12 Agostino Sarubbo gentoo-dev 2013-03-03 22:45:10 UTC
hppa stable
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2013-03-05 22:46:21 UTC
CVE-2013-1415 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1415):
  The pkinit_check_kdc_pkid function in
  plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation
  in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before
  1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during
  extraction of fields from an X.509 certificate, which allows remote
  attackers to cause a denial of service (NULL pointer dereference and daemon
  crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
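
The failure pattern named in the bug description and in Comment 13 (an error while extracting certificate fields ends processing early, and the cleanup path then dereferences a pointer that was never set), shown beside its guarded form. This is an added example, not MIT krb5 code: `struct cert_id`, `parse_cert_id`, both `match_serial_*` functions and the `issuer|serial` input format are hypothetical.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for issuer/serial fields extracted from a certificate. */
struct cert_id { char *issuer, *serial; };   /* serial points into issuer's buffer */

/* Constructed input format "issuer|serial"; returns NULL on malformed input. */
static struct cert_id *parse_cert_id(const char *pkt)
{
    const char *sep = strchr(pkt, '|');
    if (sep == NULL || sep == pkt || sep[1] == '\0')
        return NULL;                       /* processing terminates early */
    struct cert_id *id = malloc(sizeof(*id));
    if (id == NULL || (id->issuer = malloc(strlen(pkt) + 1)) == NULL) {
        free(id);
        return NULL;
    }
    strcpy(id->issuer, pkt);
    id->issuer[sep - pkt] = '\0';          /* split the copy at the separator */
    id->serial = id->issuer + (sep - pkt) + 1;
    return id;
}

/* Vulnerable shape: the shared cleanup label assumes parsing succeeded. */
int match_serial_vulnerable(const char *pkt, const char *want)
{
    int match = 0;
    struct cert_id *id = parse_cert_id(pkt);
    if (id == NULL) goto cleanup;          /* early exit on malformed input */
    match = strcmp(id->serial, want) == 0;
cleanup:
    free(id->issuer);                      /* id is NULL on the early-exit path */
    free(id);
    return match;
}

/* Hardened shape: cleanup only touches what was actually allocated. */
int match_serial_fixed(const char *pkt, const char *want)
{
    int match = 0;
    struct cert_id *id = parse_cert_id(pkt);
    if (id == NULL) goto cleanup;
    match = strcmp(id->serial, want) == 0;
cleanup:
    if (id != NULL) {
        free(id->issuer);
        free(id);
    }
    return match;
}
```

In a long-running daemon the unguarded cleanup turns one malformed request into a process crash, which is why the impact here is availability only.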
Comment 14 Agostino Sarubbo gentoo-dev 2013-03-06 10:28:03 UTC
sh stable
Comment 15 Tobias Heinlein (RETIRED) gentoo-dev 2013-03-24 19:41:12 UTC
Ready for vote, I vote NO.
Comment 16 Sean Amoss (RETIRED) gentoo-dev Security 2013-04-10 21:04:56 UTC
GLSA vote: no.

Closing noglsa.