kadmind 1.6.3 crashes when a newer MIT kadmin client (like 1.8.1) connects to it. mit-krb5-1.8.1 has been marked stable on FreeBSD systems, and now kadmind servers that FreeBSD clients connect to crash when the 1.8.1 kadmin client connects to them. The referenced URL describes a patch put out by the Kerberos team via a security advisory to address this problem in version 1.6.3 of mit-krb5. Versions 1.7 and beyond are unaffected by this issue.

Reproducible: Sometimes

Steps to Reproduce:
1. Run MIT kadmind on a 1.6.3 server
2. Connect to MIT kadmind via MIT kadmin 1.8.1
3. Usually watch it (kadmind) crash with no log message explaining why... occasionally see it connect properly

A patch is available to address this issue. Either apply the patch and stay with 1.6.3 (currently marked stable) or update to 1.8.1 (Gentoo marks it as unstable atm).
Created attachment 233357: patch to the 1.6.3-r6 ebuild to apply the mit-kerberos SA patch to fix this issue

This ebuild patch (against app-crypt/mit-krb5-1.6.3-r6.ebuild) applies the SA patch in the referenced URL. The ebuild patch expects to find this SA patch in the ${FILESDIR}. Appears to work properly on my system.
Hello Richard, thanks for the report, but I had to guess category/package from the URL (knowing something about the different Kerberos implementations); please add this next time. Michael
Kerberos herd, please provide an updated ebuild (see URL for patch).

Please file security bugs in the "Gentoo Security" product of Bugzilla (usually with component "Vulnerabilities").
(In reply to comment #3)
> Kerberos herd, please provide an updated ebuild (see URL for patch)

NACK. mit-krb5-1.6.3 should not be used anymore. It is too old and has too many security problems. The correct fix is to stabilize mit-krb5-1.8.2. I can open a stabilization bug for =app-crypt/mit-krb5-1.8.2 but would prefer if you do (as a real dev).
CVE-2010-0629 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0629): Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
Stabilization request for app-crypt/mit-krb5-1.8.2 at bug #323525
We stabilized a fixed package via bug 323525. GLSA Vote: Yes.
Added to pending glsa.
This issue was resolved and addressed in GLSA 201201-13 at http://security.gentoo.org/glsa/glsa-201201-13.xml by GLSA coordinator Sean Amoss (ackle).