
Bug 879875

Summary: <app-crypt/mit-krb5-1.20.1: heap corruption in a KDC or kadmind process
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED ---
Severity: normal
CC: kerberos
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://mailman.mit.edu/pipermail/kerberos-announce/2022q4/000202.html
See Also: https://bugs.gentoo.org/show_bug.cgi?id=880437
Whiteboard: C2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 881431    
Bug Blocks: 881397    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-05 14:38:31 UTC
"There will be an MIT krb5 security advisory on November 15, 2022, with
corresponding patch releases 1.20.1 and 1.19.4.  The KDC, kadmind, and
GSS and Kerberos application servers are affected.  The impact is
significantly reduced on 64-bit platforms."

Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-15 16:16:00 UTC
"
An authenticated attacker may be able to cause a KDC or kadmind
process to crash by reading beyond the bounds of allocated memory,
creating a denial of service.  A privileged attacker may similarly be
able to cause a Kerberos or GSS application service to crash.

On a 32-bit platform, an authenticated attacker may be able to cause
heap corruption in a KDC or kadmind process, possibly leading to
remote code execution.  A privileged attacker may similarly be able to
cause heap corruption in a Kerberos or GSS application service running
on a 32-bit platform.

An attacker with the privileges of a cross-realm KDC may be able to
extract secrets from a KDC process's memory by having them copied into
the PAC of a new ticket.

...

* Upcoming releases in the krb5-1.19 and krb5-1.20 series will contain
  fixes for these vulnerabilities."

I guess we're still waiting.

Comment 2 Larry the Git Cow gentoo-dev 2022-11-28 11:39:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71f7fd3da4b44921e34d9ab58d00a8ae9b925d4a

commit 71f7fd3da4b44921e34d9ab58d00a8ae9b925d4a
Author:     Eray Aslan <eras@gentoo.org>
AuthorDate: 2022-11-28 11:39:18 +0000
Commit:     Eray Aslan <eras@gentoo.org>
CommitDate: 2022-11-28 11:39:18 +0000

    app-crypt/mit-krb5: drop 1.20
    
    Bug: https://bugs.gentoo.org/879875
    Signed-off-by: Eray Aslan <eras@gentoo.org>

 app-crypt/mit-krb5/Manifest             |   1 -
 app-crypt/mit-krb5/mit-krb5-1.20.ebuild | 148 --------------------------------
 2 files changed, 149 deletions(-)