Bug 191301 - app-crypt/mit-krb5 < 1.5.3-r1 multiple vulnerabilities (CVE-2007-3999, CVE-2007-4000)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
Whiteboard: B0 [glsa] vorlon
Duplicates: 191356 191444
Reported: 2007-09-04 21:23 UTC by Heath Caldwell (RETIRED)
Modified: 2008-01-10 08:38 UTC
Runtime testing required: ---

Attachment 130116: Revised patch. (2007-006-patch.txt, 1.52 KB, patch), 2007-09-05 21:00 UTC, Heath Caldwell (RETIRED)
Attachment 130389: sparc64 emerge --info (sparc64-emerge-info, 2.50 KB, text/plain), 2007-09-09 03:59 UTC, Jorge Manuel B. S. Vicetto
Description Heath Caldwell (RETIRED) gentoo-dev 2007-09-04 21:23:49 UTC
MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer

[CVE-2007-3999] An unauthenticated remote user may be able to cause a
host running kadmind to execute arbitrary code.

[CVE-2007-4000] An authenticated user with "modify policy" privilege
may be able to cause a host running kadmind to execute arbitrary code.

Reproducible: Always
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-05 11:03:12 UTC
*** Bug 191356 has been marked as a duplicate of this bug. ***
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-05 11:08:32 UTC
kerberos, please advise.
Comment 3 Seemant Kulleen (RETIRED) gentoo-dev 2007-09-05 13:13:29 UTC
I think I have some patches lying around for this fix.  Will report back.
Comment 4 Heath Caldwell (RETIRED) gentoo-dev 2007-09-05 21:00:59 UTC
Created attachment 130116
Revised patch.

The patch for CVE-2007-3999 has been revised; the patch originally
released for svc_auth_gss.c allowed a 32-byte overflow.  Depending
on the compilation environment and machine architecture, this may or
may not be a significant continued vulnerability.  The new patch
below correctly checks the buffer length.
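An added illustration of the class of mistake described in the comment above (a constructed example, not the MIT krb5 code and not the bug's patch): a length check that compares a variable-length field against the whole of a fixed-size buffer, while ignoring a prefix already written into that buffer, still admits an overrun of exactly the prefix size; the strict check bounds the field by the space that actually remains. The 128-byte buffer, the 32-byte prefix and all inputs are assumed values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define HDR_BUF_SIZE 128   /* assumed size of the fixed header buffer */
#define FIXED_PREFIX 32    /* assumed size of the prefix stored before the field */

/* Incomplete check: bounds the field by the whole buffer and forgets the
 * prefix already occupying its first FIXED_PREFIX bytes. Any length in
 * (HDR_BUF_SIZE - FIXED_PREFIX, HDR_BUF_SIZE] passes and would overrun the
 * buffer by up to FIXED_PREFIX bytes when copied after the prefix. */
bool weak_length_check(size_t field_len)
{
    return field_len <= HDR_BUF_SIZE;
}

/* Correct check: the field may only use the space left after the prefix. */
bool strict_length_check(size_t field_len)
{
    return field_len <= HDR_BUF_SIZE - FIXED_PREFIX;
}

/* Assemble prefix + field into out (which must hold HDR_BUF_SIZE bytes).
 * Returns the number of bytes written, or 0 if the input is rejected. */
size_t build_header(unsigned char *out, size_t out_len,
                    const unsigned char *prefix,
                    const unsigned char *field, size_t field_len)
{
    if (out == NULL || out_len < HDR_BUF_SIZE)
        return 0;
    if (!strict_length_check(field_len))
        return 0;                       /* reject before touching the buffer */
    memcpy(out, prefix, FIXED_PREFIX);
    memcpy(out + FIXED_PREFIX, field, field_len);
    return FIXED_PREFIX + field_len;
}

/* Exercise build_header with constructed, zero-filled inputs. */
size_t demo_build(size_t field_len)
{
    static unsigned char out[HDR_BUF_SIZE];
    static const unsigned char prefix[FIXED_PREFIX] = {0};
    static const unsigned char field[HDR_BUF_SIZE] = {0};  /* constructed input */

    if (field_len > sizeof field)
        return 0;
    return build_header(out, sizeof out, prefix, field, field_len);
}
```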
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-06 07:45:44 UTC
*** Bug 191444 has been marked as a duplicate of this bug. ***
Comment 6 Seemant Kulleen (RETIRED) gentoo-dev 2007-09-07 06:27:36 UTC
thanks for that Heath.  New ebuild is 1.5.3-r1.

Arch teams can feel free to do what they need to.
Comment 7 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-07 07:52:57 UTC
Thanks Seemant. Arches, please test and mark stable. Target keywords are:
"alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2007-09-07 09:47:39 UTC
Stable for HPPA.
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2007-09-07 11:39:54 UTC
alpha/ia64/x86 stable
Comment 10 Tobias Scherbaum (RETIRED) gentoo-dev 2007-09-07 14:52:50 UTC
ppc stable
Comment 11 Chris Gianelloni (RETIRED) gentoo-dev 2007-09-07 18:18:39 UTC
amd64 done
Comment 12 Markus Rothe (RETIRED) gentoo-dev 2007-09-08 08:05:48 UTC
ppc64 stable
Comment 13 Jorge Manuel B. S. Vicetto Gentoo Infrastructure gentoo-dev 2007-09-09 03:57:12 UTC
mit-krb5-1.5.3-r1 emerged fine here on sparc64 with both:
app-crypt/mit-krb5-1.5.3-r1 (ipv6 tcl)
Comment 14 Jorge Manuel B. S. Vicetto Gentoo Infrastructure gentoo-dev 2007-09-09 03:59:26 UTC
Created attachment 130389
sparc64 emerge --info
Comment 15 Matthias Geerdsen (RETIRED) gentoo-dev 2007-09-10 18:48:08 UTC
GLSA drafted and ready for review

sparc team, please test and mark stable
Comment 16 Jeroen Roovers (RETIRED) gentoo-dev 2007-09-11 03:17:47 UTC
Stable for SPARC.
Comment 17 Matthias Geerdsen (RETIRED) gentoo-dev 2007-09-11 20:04:56 UTC
GLSA 200709-01

thanks everyone