Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 183338 - app-crypt/mit-krb5 uninitialized pointer free, integer conversion, stack buffer overflow (CVE-2007-{2442|2443|2798})
Summary: app-crypt/mit-krb5 uninitialized pointer free, integer conversion, stack buff...
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High critical (vote)
Assignee: Gentoo Security
Whiteboard: B0? [glsa] jaervosz
Depends on:
Reported: 2007-06-26 23:11 UTC by Heath Caldwell (RETIRED)
Modified: 2020-04-02 21:47 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Heath Caldwell (RETIRED) gentoo-dev 2007-06-26 23:11:37 UTC
* VU#356961 - MIT Kerberos RPC library gssrpc__svcauth_gssapi() uninitialized pointer free vulnerability
      A vulnerability in the MIT Kerberos administration daemon (kadmind) may allow an uninitialized pointer to be freed, which may allow a remote, unauthenticated user to execute arbitrary code. This vulnerability can be triggered by sending a specially crafted Kerberos message to a vulnerable system.

    * VU#365313 - MIT Kerberos kadmind RPC library gssrpc__svcauth_unix() integer conversion error
      An integer conversion error vulnerability exists in the MIT Kerberos kadmind that may allow a remote, unauthenticated user to execute arbitrary code.

    * VU#554257 - MIT Kerberos kadmind principal renaming stack buffer overflow
      A stack buffer overflow exists in the way the MIT Kerberos kadmind handles the principle renaming operation, which may allow a remote, authenticated user to execute arbitrary code.

Reproducible: Didn't try

Steps to Reproduce:

May also be related to:
CVE-2007-2442 krb5 RPC library unitialized pointer free,                                                                                                                                              
CVE-2007-2443 krb5 RPC library stack overflow, and  
CVE-2007-2798 krb5 kadmind buffer overflow,
which are still under review.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-28 04:50:12 UTC
Kerberos please provide the updated ebuild.
Comment 2 Seemant Kulleen (RETIRED) gentoo-dev 2007-07-03 14:48:03 UTC
mit-krb5-1.5.2-r3 and mit-krb5-1.5.3 both solve this bug.

Please stable both, if possible.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-15 07:43:49 UTC
Sorry for calling arches SO late, I've been out of the loop for a few weeks.

Arches please test and mark stable mit-krb5-1.5.2-r3 or mit-krb5-1.5.3. Target keywords are:

"alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86"
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2007-07-15 13:09:26 UTC
alpha/ia64/x86 stable
Comment 5 Steve Dibb (RETIRED) gentoo-dev 2007-07-15 16:28:36 UTC
amd64 stable
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2007-07-15 21:02:06 UTC
ppc stable
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2007-07-16 07:18:55 UTC
Both stable for HPPA.
Comment 8 Gustavo Zacarias (RETIRED) gentoo-dev 2007-07-16 12:08:17 UTC
sparc stable.
Comment 9 Markus Rothe (RETIRED) gentoo-dev 2007-07-16 18:58:12 UTC
=app-crypt/mit-krb5-1.5.3 stable on ppc64
Comment 10 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-07-25 22:32:00 UTC
GLSA 200707-11, thanks to everybody !