Summary: | <app-crypt/mit-krb5-1.13.2: issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass (CVE-2014-5355,CVE-2015-2694) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | kerberos |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1216133 | ||
Whiteboard: | B3 [noglsa/cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-04-28 15:26:51 UTC
CVE-2015-2694 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2694): The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.

CVE-2014-5355 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5355): MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.

Maintainers, are we ready for stabilization here?

Arches, please test and mark stable =app-crypt/mit-krb5-1.13.2

Target Keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

amd64 stable

ppc stable

Stable for PPC64.

Stable for HPPA.

x86 stable

arm stable

ia64 stable

alpha stable

sparc stable.

Maintainer(s), please cleanup. Security, please vote.

Arches and Maintainer(s), Thank you for your work.

GLSA Vote: No

GLSA Vote: No
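The CVE-2014-5355 description above turns on treating a length-delimited message field as a '\0'-terminated string. The following C example is added here for illustration and is not code from krb5 or from this bug report; it contrasts that pattern with a length-checked comparison. The struct, the function names and the version string are hypothetical, and it assumes a zero-length field arrives with a NULL data pointer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a length-prefixed field read off the wire.
 * Assumption: a zero-length message leaves data NULL, and the bytes are
 * not guaranteed to end in '\0'. */
struct wire_field { size_t length; const char *data; };

/* Flawed pattern, shown for contrast and never called here: treating the
 * field as a C string dereferences NULL on a zero-byte field and reads
 * past the buffer when the terminator is missing. */
int field_matches_unsafe(const struct wire_field *f, const char *expected)
{
    return strcmp(f->data, expected) == 0;
}

/* Hardened check: decide on length first, then compare bytes. The field
 * must be exactly strlen(expected) + 1 bytes, terminator included. */
int field_matches(const struct wire_field *f, const char *expected)
{
    size_t want = strlen(expected) + 1;
    if (f == NULL || f->data == NULL || f->length != want)
        return 0;
    return memcmp(f->data, expected, want) == 0;
}

/* Constructed sample inputs; the version string is a placeholder. */
static const char EXPECTED[] = "EXAMPLE_V1.0";
static const char NOTERM[12] = {'E','X','A','M','P','L','E','_','V','1','.','0'};
static const char WRONG[] = "EXAMPLE_V2.0";

/* Returns a bitmask of which samples were accepted (bit 0 = well-formed,
 * bit 1 = zero-byte, bit 2 = unterminated, bit 3 = wrong content). */
int check_samples(void)
{
    struct wire_field s[4] = {
        { sizeof(EXPECTED), EXPECTED }, { 0, NULL },
        { sizeof(NOTERM), NOTERM },     { sizeof(WRONG), WRONG },
    };
    int mask = 0;
    for (int i = 0; i < 4; i++)
        mask |= field_matches(&s[i], EXPECTED) << i;
    return mask;
}

int main(void)
{
    printf("accepted mask: 0x%x\n", check_samples());
    return 0;
}
```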