Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 419765 (CVE-2012-1013) - <app-crypt/mit-krb5-1.9.4 : "check_1_6_dummy()" Denial of Service Weakness (CVE-2012-{1012,1013})
Summary: <app-crypt/mit-krb5-1.9.4 : "check_1_6_dummy()" Denial of Service Weakness (C...
Status: RESOLVED FIXED
Alias: CVE-2012-1013
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/49346/
Whiteboard: B3 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-06-05 14:00 UTC by Agostino Sarubbo
Modified: 2012-08-14 16:10 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-06-05 14:00:03 UTC
From secunia security advisory at $URL:

Description
A weakness has been reported in Kerberos, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL pointer dereference error in the "check_1_6_dummy()" function in src/lib/kadm5/srv/svr_principal.c. This can be exploited to cause a crash via a create-principal request containing no password but the KRB5_KDB_DISALLOW_ALL_TIX flag.

Successful exploitation requires an administrator account with "create" privileges.

The weakness is reported in versions prior to 1.10.2.


Solution
Update to version 1.10.2.
Comment 1 Eray Aslan gentoo-dev 2012-06-05 14:16:12 UTC
+*mit-krb5-1.10.2 (05 Jun 2012)
+
+  05 Jun 2012; Eray Aslan <eras@gentoo.org> +mit-krb5-1.10.2.ebuild:
+  security bump - bug #419765
+

@security.  We can stabilize =app-crypt/mit-krb5-1.10.2.  But there are some keywords missing.  Please see bug #412489.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-06-05 16:58:44 UTC
Thanks, Eray. Given the administrator requirement I think we're ok waiting for bug 412489.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-06-15 19:26:54 UTC
CVE-2012-1013 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1013):
  The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in
  MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows
  remote authenticated administrators to cause a denial of service (NULL
  pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create
  request that lacks a password.

CVE-2012-1012 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1012):
  server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos
  5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1)
  SET_STRING and (2) GET_STRINGS operations, which might allow remote
  authenticated administrators to modify or read string attributes by
  leveraging the global list privilege.
Comment 4 Eray Aslan gentoo-dev 2012-06-23 08:20:26 UTC
+*mit-krb5-1.9.4 (23 Jun 2012)
+
+  23 Jun 2012; Eray Aslan <eras@gentoo.org> +mit-krb5-1.9.4.ebuild:
+  security bump - bug #419765
+

@security: mit-krb5-1.9.4 is released with the fix.  We might want to stabilize =app-crypt/mit-krb5-1.9.4 - which has all the keywords - instead of waiting for  mit-krb5-1.10.2.
Comment 5 Agostino Sarubbo gentoo-dev 2012-06-23 08:30:49 UTC
Thanks Eras.

Arches, please test and mark stable:
=app-crypt/mit-krb5-appl-1.9.4
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 6 Agostino Sarubbo gentoo-dev 2012-06-23 10:01:28 UTC
amd64 stable
Comment 7 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-06-25 04:43:32 UTC
x86 stable
Comment 8 Jeroen Roovers gentoo-dev 2012-06-26 01:52:38 UTC
Improvements in the test suite over the old stable.

Stable for HPPA.
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2012-07-08 14:49:19 UTC
alpha/arm/ia64/s390/sh/sparc stable
Comment 10 Michael Weber (RETIRED) gentoo-dev 2012-07-09 05:18:05 UTC
ppc stable
Comment 11 Agostino Sarubbo gentoo-dev 2012-08-01 16:48:09 UTC
@ppc64, you will continue in bug 429324



@security, please vote.
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2012-08-14 15:46:35 UTC
Thanks, everyone. GLSA Vote: no.
Comment 13 Stefan Behte (RETIRED) gentoo-dev Security 2012-08-14 16:10:38 UTC
Vote: NO, closing noglsa.