|Summary:||<sys-auth/pam_krb5-4.9: Buffer overflow (CVE-2020-10595)|
|Product:||Gentoo Security||Reporter:||Sam James <sam>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Severity:||minor||CC:||eras, kerberos, whissi|
|Whiteboard:||B3 [noglsa cve]|
|Runtime testing required:||---|
Description Sam James 2020-03-31 11:37:40 UTC
From URL: Vulnerability type: Buffer overflow Versions affected: All versions prior to 4.8 Versions fixed: 4.9 and later Discovered: 2020-03-02 Public announcement: 2009-03-30 CVE ID: CVE-2020-10595 During a refactor of my pam-krb5 Kerberos PAM module, I discovered a single byte buffer overflow that had been there since either the first version of the module or very early in its development. During prompting initiated by the Kerberos library, an attacker who enters a response exactly as long as the length of the buffer provided by the underlying Kerberos library will cause pam-krb5 to write a single nul byte past the end of that buffer. ---- See URL for more info.
Comment 1 Sam James 2020-03-31 11:37:59 UTC
@maintainer(s), please create an appropriate ebuild
Comment 2 Thomas Deutschmann 2020-03-31 18:00:11 UTC
*** Bug 711840 has been marked as a duplicate of this bug. ***
Comment 3 Larry the Git Cow 2020-04-02 08:02:46 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bca9f938e3b08bafcb35c882398c8b130015b08 commit 1bca9f938e3b08bafcb35c882398c8b130015b08 Author: Eray Aslan <firstname.lastname@example.org> AuthorDate: 2020-04-02 08:02:23 +0000 Commit: Eray Aslan <email@example.com> CommitDate: 2020-04-02 08:02:23 +0000 sys-auth/pam_krb5: security bump to 4.9 Bug: https://bugs.gentoo.org/715606 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Eray Aslan <firstname.lastname@example.org> sys-auth/pam_krb5/Manifest | 1 + sys-auth/pam_krb5/pam_krb5-4.9.ebuild | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+)
Comment 4 Sam James 2020-04-02 08:11:25 UTC
@maintainer(s), please advise if ready for stabilisation, or call yourself
Comment 5 Eray Aslan 2020-04-07 14:48:09 UTC
Arches, please test and mark stable =sys-auth/pam_krb5-4.9 Target Keywords = ~alpha amd64 arm ~hppa ~ia64 ppc ppc64 ~s390 ~sparc x86
Comment 6 Agostino Sarubbo 2020-04-13 15:53:20 UTC
This is an automatic message. @maintainer(s): I'm getting test-failure(s) (that were already reported) on amd64. If you want the package to pass my CI environment and got stabilized, please carry out the necessary operations to make sure that src_test() won't fail. Thanks.
Comment 7 Eray Aslan 2020-04-14 07:12:21 UTC
(In reply to Agostino Sarubbo from comment #6) > @maintainer(s): > I'm getting test-failure(s) (that were already reported) on amd64. If you > want the package to pass my CI environment and got stabilized, please carry > out the necessary operations to make sure that src_test() won't fail. Did you have mit-krb5 or heimdal installed when running the tests? I think known problem of test failure when kerberos is not installed.
Comment 8 Eray Aslan 2020-04-14 13:09:28 UTC
(In reply to Eray Aslan from comment #7) > Did you have mit-krb5 or heimdal installed when running the tests? I think > known problem of test failure when kerberos is not installed. and I mean configured - not installed in the above comment. sorry. the failing test needs a /etc/krb5.conf if I am not mistaken. in other words, tests fail if kerberos is installed but not configured. anyway, added RESTRICT="test" for now
Comment 9 Agostino Sarubbo 2020-04-14 16:43:55 UTC
Comment 10 Agostino Sarubbo 2020-04-14 16:44:37 UTC
Comment 11 Agostino Sarubbo 2020-04-15 06:55:19 UTC
Comment 12 Agostino Sarubbo 2020-04-15 06:58:42 UTC
Comment 13 Agostino Sarubbo 2020-04-15 13:36:11 UTC
arm stable. Maintainer(s), please cleanup. Security, please vote.
Comment 14 NATTkA bot 2020-04-15 13:40:36 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 15 Larry the Git Cow 2020-04-15 16:56:17 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=311371918f8e7165027abb59e413f1d53033e926 commit 311371918f8e7165027abb59e413f1d53033e926 Author: Eray Aslan <email@example.com> AuthorDate: 2020-04-15 16:55:52 +0000 Commit: Eray Aslan <firstname.lastname@example.org> CommitDate: 2020-04-15 16:55:52 +0000 sys-auth/pam_krb5: remove vulnerable Bug: https://bugs.gentoo.org/715606 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Eray Aslan <email@example.com> sys-auth/pam_krb5/Manifest | 2 -- sys-auth/pam_krb5/pam_krb5-4.6.ebuild | 34 ---------------------------------- sys-auth/pam_krb5/pam_krb5-4.7.ebuild | 35 ----------------------------------- 3 files changed, 71 deletions(-)
Comment 16 Rolf Eike Beer 2020-04-15 21:56:45 UTC
Comment 17 Rolf Eike Beer 2020-04-18 08:12:33 UTC