Bug 577930 (CVE-2016-3119)

Summary: <app-crypt/mit-krb5-1.14.2: null pointer dereference in kadmin (CVE-2016-3119)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: kerberos
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1319616
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2016-03-21 13:37:22 UTC
From ${URL} :

It was reported that in all versions of MIT krb5, an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module.

Upstream patch:

https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
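
Added example, not part of the original report and not krb5 source code: a minimal C sketch of how an empty "key=value" argument can lead to a null pointer dereference, next to a checked form. It assumes the arguments are split with strtok_r(); the function names, result codes and the "policy" key are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for strtok_r() */
#endif
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes and option name, for illustration only. */
enum db_arg_kind { DB_ARG_INVALID = -1, DB_ARG_POLICY = 0, DB_ARG_OTHER = 1 };

/* Unchecked pattern: strtok_r() returns NULL when the input holds no token
 * (an empty string, or only delimiters), so strcmp() is handed a null
 * pointer. Only safe to call on input that contains a key. */
enum db_arg_kind classify_unchecked(const char *db_arg)
{
    char buf[128], *save = NULL, *key;

    snprintf(buf, sizeof(buf), "%s", db_arg);
    key = strtok_r(buf, "=", &save);
    return strcmp(key, "policy") == 0 ? DB_ARG_POLICY : DB_ARG_OTHER;
}

/* Hardened pattern: reject a missing argument or a missing key before
 * any comparison touches the token. */
enum db_arg_kind classify_checked(const char *db_arg)
{
    char buf[128], *save = NULL, *key;

    if (db_arg == NULL)
        return DB_ARG_INVALID;
    snprintf(buf, sizeof(buf), "%s", db_arg);
    key = strtok_r(buf, "=", &save);
    if (key == NULL)
        return DB_ARG_INVALID;
    return strcmp(key, "policy") == 0 ? DB_ARG_POLICY : DB_ARG_OTHER;
}

int main(void)
{
    /* Constructed sample arguments; the last two contain no key. */
    const char *samples[] = { "policy=default", "other=1", "", "=" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("\"%s\" -> %d\n", samples[i], classify_checked(samples[i]));
    return 0;
}
```
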
Comment 1 Eray Aslan gentoo-dev 2016-04-21 16:09:32 UTC
Arches, please stabilize
=app-crypt/mit-krb5-1.14.2

Target Keywords = alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2016-04-23 10:31:14 UTC
Stable for HPPA PPC64.
Comment 3 Agostino Sarubbo gentoo-dev 2016-04-26 11:20:20 UTC
amd64 stable
Comment 4 Markus Meier gentoo-dev 2016-04-26 17:29:56 UTC
arm stable
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2016-05-20 13:52:38 UTC
Stable on alpha.
Comment 6 Agostino Sarubbo gentoo-dev 2016-06-27 08:49:25 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2016-07-08 07:56:01 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2016-07-08 10:04:43 UTC
sparc stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-07-08 12:04:14 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 10 Eray Aslan gentoo-dev 2016-07-14 11:20:27 UTC
cleanup done:

commit 14af0646800b47b2942c2f18d5c9955d8d73717a
Author: Eray Aslan <eras@gentoo.org>
Date:   Tue Jul 12 15:53:36 2016 +0300

    app-crypt/mit-krb5: remove old
    
    Package-Manager: portage-2.3.0
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2016-07-14 11:38:32 UTC
CVE-2016-3119 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3119):
  The process_db_args function in
  plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in
  kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through
  1.14.1 mishandles the DB argument, which allows remote authenticated users
  to cause a denial of service (NULL pointer dereference and daemon crash) via
  a crafted request to modify a principal.
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2016-07-14 11:41:09 UTC
(In reply to Eray Aslan from comment #10)
> cleanup done:
> 
> commit 14af0646800b47b2942c2f18d5c9955d8d73717a
> Author: Eray Aslan <eras@gentoo.org>
> Date:   Tue Jul 12 15:53:36 2016 +0300
> 
>     app-crypt/mit-krb5: remove old
>     
>     Package-Manager: portage-2.3.0

@Eras, thanks for the work!

GLSA Vote: No.