From secunia at $URL:
Two vulnerabilities have been reported in Kerberos, which can be exploited by malicious people to potentially compromise a vulnerable system.
1) An error within the "kdc_handle_protected_negotiation()" function (src/kdc/kdc_util.c) when creating a checksum does not properly verify the key type and can be exploited to free an uninitialized pointer via a specially crafted AS-REQ.
This vulnerability is reported in krb5-1.8 and later only.
2) An uninitialized pointer dereference error within the "finish_process_as_req()" function (src/kdc/do_as_req.c) can be exploited to corrupt the memory by sending a specially crafted AS-REQ.
This vulnerability is reported in krb5-1.10 and later only.
Successful exploitation of these vulnerabilities may allow execution of arbitrary code.
Apply the patch (fixes are scheduled for the upcoming release of krb5-1.10.3 and krb5-1.9.5).
Provided and/or discovered by
The vendor credits Emmanuel Bouillon, NCI Agency.
+*mit-krb5-1.10.2-r1 (01 Aug 2012)
+*mit-krb5-1.9.4-r1 (01 Aug 2012)
+ 01 Aug 2012; Eray Aslan <firstname.lastname@example.org> +mit-krb5-1.9.4-r1.ebuild,
+ +mit-krb5-1.10.2-r1.ebuild, +files/CVE-2012-1014.patch,
+ Security bump - bug #429324
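Review bot: the entry names a single patch, files/CVE-2012-1014.patch, for both the 1.9.4-r1 and 1.10.2-r1 bumps, while the advisory quoted above describes two separate flaws, one reported in krb5-1.8 and later and one in krb5-1.10 and later only. Consider stating in the ChangeLog line whether that one patch file covers both issues, or listing the second fix explicitly, so that the "Security bump - bug #429324" entry can be audited against the advisory without opening the patch.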
@security: We should stabilize both =app-crypt/mit-krb5-1.9.4-r1 and =app-crypt/mit-krb5-1.10.2-r1. But please note that =app-crypt/mit-krb5-1.10.2-r1 has additional keyword/stabilization requirements - see bug #412489.
(In reply to comment #1)
> @security: We should stabilize both =app-crypt/mit-krb5-1.9.4-r1 and
> =app-crypt/mit-krb5-1.10.2-r1. But please note that
> =app-crypt/mit-krb5-1.10.2-r1 has additional keyword/stabilization
> requirements - see bug #412489.
1.10 never had a stable keyword, so there is no need to stabilize it here and cause a delay because of missing keywords.
We stabilize only 1.9.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
(In reply to comment #2)
> Arches, please test and mark stable:
> Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
The kdc_handle_protected_negotiation function in the Key Distribution Center
(KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x
before 1.10.3 attempts to calculate a checksum before verifying that the key
type is appropriate for a checksum, which allows remote attackers to execute
arbitrary code or cause a denial of service (uninitialized pointer free,
heap memory corruption, and daemon crash) via a crafted AS-REQ request.
The process_as_req function in the Key Distribution Center (KDC) in MIT
Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain
structure member, which allows remote attackers to cause a denial of service
(uninitialized pointer dereference and daemon crash) or possibly execute
arbitrary code via a malformed AS-REQ request.
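The ordering flaw in the first CVE description above (checksum attempted before the key type is verified, then an uninitialized pointer freed), as an added example that is not part of the original thread and is not MIT krb5 code. It is a simplified C model: all names (`negotiate_flawed`, `negotiate_hardened`, `make_cksum`, the tracking allocator, the two key types) are hypothetical, and the stale value is passed in explicitly so the invalid free is counted instead of corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model; every name here is hypothetical, not MIT krb5 code. */
enum { ENC_OK = 1, ENC_NO_CKSUM = 2 };   /* constructed key types */
typedef struct { void *contents; } cksum_t;
static void *live;      /* the one buffer our allocator has handed out */
static int bad_frees;   /* frees of pointers we never allocated */

static void *trk_alloc(size_t n) { return live = malloc(n); }
static void trk_free(void *p) {
    if (p == NULL) return;
    if (p != live) { bad_frees++; return; }  /* real free(): heap corruption */
    free(p); live = NULL;
}

/* Fails, leaving ck untouched, when the key type cannot make a checksum. */
static int make_cksum(int enctype, cksum_t *ck) {
    if (enctype != ENC_OK) return -1;
    ck->contents = trk_alloc(16);
    return ck->contents ? 0 : -1;
}

/* Flawed order: `stale` models an uninitialized slot; cleanup frees it. */
int negotiate_flawed(int enctype, void *stale) {
    cksum_t ck;
    ck.contents = stale;
    int ret = make_cksum(enctype, &ck);
    trk_free(ck.contents);
    return ret;
}

/* Hardened: zero-initialize, and check the key type before checksumming. */
int negotiate_hardened(int enctype) {
    cksum_t ck = { NULL };
    if (enctype != ENC_OK) return -1;
    int ret = make_cksum(enctype, &ck);
    trk_free(ck.contents);
    return ret;
}

int main(void) {
    int slot;   /* its address stands in for stale stack contents */
    negotiate_hardened(ENC_NO_CKSUM);
    printf("hardened: %d invalid frees\n", bad_frees);
    negotiate_flawed(ENC_NO_CKSUM, &slot);
    printf("flawed:   %d invalid frees\n", bad_frees);
    return 0;
}
```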
ppc/ppc64 stable, last arch done
New GLSA request filed.
This issue was resolved and addressed in
GLSA 201312-12 at http://security.gentoo.org/glsa/glsa-201312-12.xml
by GLSA coordinator Sergey Popov (pinkbyte).