Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 158810 - app-crypt/mit-krb5 arbitrary code execution (CVE-2006-614{3|4})
Summary: app-crypt/mit-krb5 arbitrary code execution (CVE-2006-614{3|4})
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High blocker (vote)
Assignee: Gentoo Security
Whiteboard: B0? [glsa] jaervosz
: 161258 161260 (view as bug list)
Depends on:
Reported: 2006-12-22 01:08 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2020-02-13 08:18 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

krb_cleaned.patch (krb_cleaned.patch,47.75 KB, patch)
2007-01-06 13:59 UTC, Sune Kloppenborg Jeppesen (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-12-22 01:08:57 UTC
Advisory MITKRB5-SA-2006-003 concerns the following vulnerability:


An unauthenticated user may cause execution of arbitrary code in the
Kerberos administration daemon, "kadmind", by causing it to free
uninitialized pointers which should have been initialized by the
GSS-API library.  Compromise of the Kerberos key database may result.
Third-party server applications written using the GSS-API library
provided with MIT krb5 may also be vulnerable.

Affected releases are krb5-1.5 through krb5-1.5.1.

No exploit code is known to exist at this time.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-12-22 01:12:44 UTC
Mailed upstream for patches.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-12-22 01:14:38 UTC
There is a second issue:

Advisory MITKRB5-SA-2006-002 concerns the following vulnerability:


An unauthenticated user may cause execution of arbitrary code in the
Kerberos administration daemon, "kadmind", by causing the RPC library
to call through an uninitialized function pointer.  Compromise of the
Kerberos key database may result.  Third-party server applications
written using the RPC library provided with MIT krb5 may also be

Affected releases are krb5-1.4 through krb5-1.4.4, and krb5-1.5
through krb5-1.5.1.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-01-06 13:59:12 UTC
Created attachment 105657 [details, diff]

Cleaned patch from upstream (hopefully no MIME stuff left).
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-01-06 14:01:56 UTC
Exg/Seemant, disclosure in a couple of days. If you want pretesting please attach an updated ebuild to this bug.
Comment 5 Seemant Kulleen (RETIRED) gentoo-dev 2007-01-06 16:30:13 UTC
Hi Sune, thanks -- I'll look at this shortly.  Unfortunately, Emanuele (exg) is no longer with the project :(
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-01-10 04:50:34 UTC
*** Bug 161258 has been marked as a duplicate of this bug. ***
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-01-10 08:38:11 UTC
This is public now. Kerberos please advise.
Comment 8 Seemant Kulleen (RETIRED) gentoo-dev 2007-01-10 14:51:11 UTC
*** Bug 161260 has been marked as a duplicate of this bug. ***
Comment 9 Seemant Kulleen (RETIRED) gentoo-dev 2007-01-10 15:39:08 UTC
security team, I submit 1.5.2 for your review and stabling.  Per conversation with taviso in #gentoo-security, upstream seems to have officially abandoned the 1.4* series of mit-krb5, and are focusing on 1.5* and the new 1.6*.  The possible worrying thing about those series is the lack of --enable-static.
Comment 10 Stefan Cornelius (RETIRED) gentoo-dev 2007-01-10 19:28:28 UTC
arches, please test and stable app-crypt/mit-krb5-1.5.2, thanks
Comment 11 Tobias Scherbaum (RETIRED) gentoo-dev 2007-01-10 20:53:07 UTC
ppc stable, but still p.masked
Comment 12 Seemant Kulleen (RETIRED) gentoo-dev 2007-01-10 21:11:48 UTC
sorry about that: removed from package.mask
Comment 13 Markus Meier gentoo-dev 2007-01-10 22:05:06 UTC
app-crypt/mit-krb5-1.5.2  USE="doc ipv6 krb4 tcl"
1. emerges on x86, please note:
QA Notice: the following files are setXid, dyn linked, and using lazy bindings
LAZY usr/bin/v4rcp

2. passes collision test
3. revdep-rebuild doesn't show nothing broken

Gentoo Base System version 1.12.6
Portage 2.1.1-r2 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r4, i686)
System uname: i686 Genuine Intel(R) CPU           T2300  @ 1.66GHz
Last Sync: Wed, 10 Jan 2007 19:30:01 +0000
ccache version 2.4 [disabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.3.5-r3, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r6
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
FEATURES="autoconfig collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
LINGUAS="en de en_GB de_CH"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/pack
USE="x86 X a52 aac acpi alsa alsa_cards_ali5451 alsa_cards_als4000 alsa_cards_atiixp alsa_cards_atiixp-modem alsa_cards_bt87x alsa_cards_ca0106 alsa_cards_cmipci alsa_cards_emu10k1x alsa_cards_ens1370 alsa
_cards_ens1371 alsa_cards_es1938 alsa_cards_es1968 alsa_cards_fm801 alsa_cards_hda-intel alsa_cards_intel8x0 alsa_cards_intel8x0m alsa_cards_maestro3 alsa_cards_trident alsa_cards_usb-audio alsa_cards_via8
2xx alsa_cards_via82xx-modem alsa_cards_ymfpci alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw alsa_pcm_plugins_asym alsa_pcm_plugins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop
 alsa_pcm_plugins_empty alsa_pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks alsa_pcm_plugins_iec958 alsa_pcm_plugins_ioplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_pcm_plugin
s_linear alsa_pcm_plugins_meter alsa_pcm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null alsa_pcm_plugins_plug alsa_pcm_plugins_rate alsa_pcm_plugins_route alsa_pcm_plugins_share alsa_pcm_plugin
s_shm alsa_pcm_plugins_softvol apache2 asf berkdb bitmap-fonts cairo cdr cdrom cli cracklib crypt cups dbus divx dlloader dri dts dvd dvdr dvdread eds elibc_glibc emboss encode fam ffmpeg firefox flac fort
ran gdbm gif gnome gpm gstreamer gtk hal iconv input_devices_keyboard input_devices_mouse ipv6 isdnlog java jpeg kde kdeenablefinal kernel_linux ldap libg++ linguas_de linguas_de_CH linguas_en linguas_en_G
B mad mikmod mmx mono mp3 mpeg ncurses nls nptl nptlonly ogg opengl oss pam pcre perl png ppds pppd python qt3 qt4 quicktime readline reflection rtsp ruby samba sdl session smp spell spl sse sse2 sse3 ssl
svg tcpd test tetex theora threads truetype truetype-fonts type1-fonts udev unicode userland_GNU vcd video_cards_fbdev video_cards_i810 video_cards_vesa vorbis win32codecs wxwindows x264 xine xml xorg xpri
nt xv xvid zlib"
Comment 14 Markus Rothe (RETIRED) gentoo-dev 2007-01-11 10:42:33 UTC
ppc64 stable
Comment 15 Christian Faulhammer (RETIRED) gentoo-dev 2007-01-11 11:52:35 UTC
x86 stable
Comment 16 Chris Gianelloni (RETIRED) gentoo-dev 2007-01-11 13:21:01 UTC
amd64 done
Comment 17 Gustavo Zacarias (RETIRED) gentoo-dev 2007-01-11 13:55:25 UTC
sparc stable.
Comment 18 Guy Martin (RETIRED) gentoo-dev 2007-01-13 14:56:59 UTC
hppa stable.
Comment 19 Bryan Østergaard (RETIRED) gentoo-dev 2007-01-15 18:56:23 UTC
Alpha stable.
Comment 20 Matthias Geerdsen (RETIRED) gentoo-dev 2007-01-24 19:37:43 UTC
GLSA 200701-21
thanks everyone
Comment 21 Brian Harring (RETIRED) gentoo-dev 2007-02-19 12:36:59 UTC
just a note, mips stable is still the vuln version; they've got unstable for the non-vulnerable version, but still needs stabling...