
Bug 621394 (CVE-2017-6594)

Summary: <app-crypt/heimdal-7.4.0: bypass of capath policy
Product: Gentoo Linux
Reporter: Andrey Ovcharov <sudormrfhalt>
Component: Current packages
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: jstein, kerberos
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B4 [noglsa cve]
Package list:
Runtime testing required: ---
Attachments: heimdal-7.1.0-CVE-2017-6594.patch

Comment 1 Andrey Ovcharov 2017-06-10 13:44:10 UTC
Created attachment 475900 [details, diff]
heimdal-7.1.0-CVE-2017-6594.patch
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-07-12 11:58:45 UTC
https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837:
 Fix transit path validation CVE-2017-6594

Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm
to not be added to the transit path of issued tickets.  This may, in
some cases, enable bypass of capath policy in Heimdal versions 1.5
through 7.2.

Note, this may break sites that rely on the bug.  With the bug some
incomplete [capaths] worked, that should not have.  These may now break
authentication in some cross-realm configurations.
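
The transit path check that the commit message refers to, as an added example that is not part of this bug report or of Heimdal's code: a simplified model in which each KDC hop records the previous hop realm and the final realm checks the transited list against its capaths. The realm names, the capaths table and all function names are constructed for illustration.

```python
# Simplified model of Kerberos transited-realm checking (RFC 4120 concept).
# Realm names and the capaths table are constructed; this is not Heimdal code.

# capaths as seen by the final realm: client realm -> server realm -> set of
# intermediate realms that are approved on the way.
CAPATHS = {"A.EXAMPLE": {"C.EXAMPLE": {"X.EXAMPLE"}}}


def issue_cross_realm_tgt(transited, previous_hop, client_realm, record_previous_hop):
    """One KDC hop: return the transited list placed in the ticket it issues.

    previous_hop is the realm that issued the TGT presented to this KDC.
    record_previous_hop=False models the regression described in the commit
    message (previous hop realm not added to the transit path).
    """
    path = list(transited)
    if record_previous_hop and previous_hop != client_realm and previous_hop not in path:
        path.append(previous_hop)
    return path


def walk(client_realm, hops, record_previous_hop):
    """Carry a ticket across the KDCs in hops; return the final transited list."""
    transited, previous = [], client_realm
    for kdc_realm in hops:
        transited = issue_cross_realm_tgt(
            transited, previous, client_realm, record_previous_hop)
        previous = kdc_realm
    return transited


def transit_allowed(client_realm, server_realm, transited, capaths=CAPATHS):
    """Final-realm policy check: every transited realm must be approved."""
    allowed = capaths.get(client_realm, {}).get(server_realm)
    if allowed is None:  # no capath entry for this realm pair: reject
        return False
    return all(realm in allowed for realm in transited)


if __name__ == "__main__":
    # Client in A.EXAMPLE reaches C.EXAMPLE through unapproved B.EXAMPLE.
    for label, record in (("previous hop recorded", True), ("previous hop omitted", False)):
        path = walk("A.EXAMPLE", ["B.EXAMPLE", "C.EXAMPLE"], record)
        verdict = transit_allowed("A.EXAMPLE", "C.EXAMPLE", path)
        print(f"{label}: transited={path} allowed={verdict}")
```

When the previous hop is omitted, the final realm sees an empty transited list and the policy check has nothing to reject, which is why incomplete [capaths] appeared to work.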
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-01-19 14:07:44 UTC
Fix is present in >=7.4.0 source.  

GLSA Vote: No