Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 387585 (CVE-2011-1527) - <app-crypt/mit-krb5-{1.8.4-r1,1.9.1-r2} kdc remote unauthenticated DoS (CVE-2011-{1527,1528,1529,4151})
Summary: <app-crypt/mit-krb5-{1.8.4-r1,1.9.1-r2} kdc remote unauthenticated DoS (CVE-2...
Status: RESOLVED FIXED
Alias: CVE-2011-1527
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://web.mit.edu/kerberos/advisorie...
Whiteboard: B3 [glsa]
Keywords:
: CVE-2011-4151 (view as bug list)
Depends on:
Blocks:
 
Reported: 2011-10-18 18:56 UTC by Paul B. Henson
Modified: 2012-01-23 20:38 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Paul B. Henson 2011-10-18 18:56:52 UTC
Per referenced URL, the KDC server in kerberos 1.8.x and 1.9.x is vulnerable to a an unauthenticated remote DoS that can crash the KDC.

Patches are available to resolve this issue are available as listed in the announcement.
Comment 1 Eray Aslan gentoo-dev 2011-10-18 20:29:40 UTC
+*mit-krb5-1.9.1-r2 (18 Oct 2011)
+*mit-krb5-1.8.4-r1 (18 Oct 2011)
+
+  18 Oct 2011; Eray Aslan <eras@gentoo.org> +mit-krb5-1.8.4-r1.ebuild,
+  +mit-krb5-1.9.1-r2.ebuild, +files/2011-006-patch-r18.patch,
+  +files/CVE-2011-1527.1528.1529.patch:
+  security bump - bug #387585
+

@security:  We should stabilize both:
    =app-crypt/mit-krb5-1.9.1-r2
    =app-crypt/mit-krb5-1.8.4-r1

Thank you.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-10-18 20:46:56 UTC
(In reply to comment #1)
> 
> @security:  We should stabilize both:
>     =app-crypt/mit-krb5-1.9.1-r2
>     =app-crypt/mit-krb5-1.8.4-r1
> 

Thanks, Eray.

Arches, please test and mark stable:
=app-crypt/mit-krb5-1.8.4-r1
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

=app-crypt/mit-krb5-1.9.1-r2
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2011-10-19 09:13:55 UTC
Stable for HPPA.
Comment 4 Agostino Sarubbo gentoo-dev 2011-10-19 13:02:20 UTC
amd64 both ok
Comment 5 Ian Delaney (RETIRED) gentoo-dev 2011-10-19 13:39:01 UTC
amd64:

Test failures, appears not a regression.  See 386725 && 354459. Established history.
with combo of use flags;  both emerged fine.  no other issues. Pass other than test phases
Comment 6 Tony Vroon gentoo-dev 2011-10-20 13:08:05 UTC
+  20 Oct 2011; Tony Vroon <chainsaw@gentoo.org> mit-krb5-1.8.4-r1.ebuild,
+  mit-krb5-1.9.1-r2.ebuild:
+  Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & Ian
+  "idella4" Delaney in security bug #387585.
Comment 7 daavelino 2011-10-21 12:00:01 UTC
Just to keep it up to date, CVE-2011-4151 is part of both, problem and solution, pointed here. It is almost the same behaviour of CVE-2011-1528. 

Via: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4151
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2011-10-22 04:39:49 UTC
CVE-2011-1529 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1529):
  The lookup_lockout_policy function in the Key Distribution Center (KDC) in
  MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the
  db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to
  cause a denial of service (NULL pointer dereference and daemon crash) via
  vectors that trigger certain process_as_req errors.

CVE-2011-1528 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1528):
  The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in
  MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the
  LDAP back end is used, allows remote attackers to cause a denial of service
  (assertion failure and daemon exit) via unspecified vectors, related to the
  locked_check_p function.

CVE-2011-1527 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1527):
  The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5
  (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote
  attackers to cause a denial of service (NULL pointer dereference and daemon
  crash) via a kinit operation with incorrect string case for the realm,
  related to the is_principal_in_realm, krb5_set_error_message,
  krb5_ldap_get_principal, and process_as_req functions.
Comment 9 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-10-22 07:24:27 UTC
x86 stable
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2011-10-22 12:04:42 UTC
alpha/arm/ia64/s390/sh/sparc stable
Comment 11 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-10-23 08:56:09 UTC
ppc/ppc64 stable, last arch done
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2011-10-23 14:30:41 UTC
Thanks, everyone. GLSA Vote: yes.
Comment 13 Tim Sammut (RETIRED) gentoo-dev 2011-10-23 16:18:14 UTC
*** Bug 388079 has been marked as a duplicate of this bug. ***
Comment 14 Sean Amoss (RETIRED) gentoo-dev Security 2012-01-10 01:23:59 UTC
GLSA vote: yes. Adding to existing request.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2012-01-23 20:38:53 UTC
This issue was resolved and addressed in
 GLSA 201201-13 at http://security.gentoo.org/glsa/glsa-201201-13.xml
by GLSA coordinator Sean Amoss (ackle).