Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 458712 (CVE-2013-1415) - <app-crypt/mit-krb5-1.11.1: PKINIT null pointer deref (CVE-2013-1415)
Summary: <app-crypt/mit-krb5-1.11.1: PKINIT null pointer deref (CVE-2013-1415)
Alias: CVE-2013-1415
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Depends on:
Reported: 2013-02-22 11:02 UTC by Eray Aslan
Modified: 2013-04-10 21:04 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Eray Aslan gentoo-dev 2013-02-22 11:02:53 UTC
PKINIT null pointer deref [CVE-2013-1415]
Don't dereference a null pointer when cleaning up.

The KDC plugin for PKINIT can dereference a null pointer when a
malformed packet causes processing to terminate early, leading to
a crash of the KDC process.  An attacker would need to have a valid
PKINIT certificate or have observed a successful PKINIT authentication,
or an unauthenticated attacker could execute the attack if anonymous
PKINIT is enabled.

CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C

This bug has been present since the initial import of PKINIT for 1.6.3; all later releases are affected.
Comment 1 Eray Aslan gentoo-dev 2013-02-22 11:09:32 UTC
+*mit-krb5-1.11.1 (22 Feb 2013)
+  22 Feb 2013; Eray Aslan <> +mit-krb5-1.11.1.ebuild:
+  Security bump - bug #458712

@security: We can stabilize =app-crypt/mit-krb5-1.11.1.  But please note that a bunch of keywords are missing (see bug #412489).  Thanks.
Comment 2 Eray Aslan gentoo-dev 2013-03-03 19:00:24 UTC
As requested by Ago on irc:

Arches, please test and mark stable =app-crypt/mit-krb5-1.11.1.   Thank you.

Target keywords:
alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos
Comment 3 Agostino Sarubbo gentoo-dev 2013-03-03 19:03:20 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2013-03-03 19:04:22 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-03-03 19:05:13 UTC
ppc stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-03-03 19:08:20 UTC
ppc64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-03-03 19:43:32 UTC
arm stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-03-03 19:45:45 UTC
alpha stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-03-03 20:08:33 UTC
ia64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-03-03 20:28:04 UTC
s390 stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-03-03 20:43:00 UTC
sparc stable
Comment 12 Agostino Sarubbo gentoo-dev 2013-03-03 22:45:10 UTC
hppa stable
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2013-03-05 22:46:21 UTC
CVE-2013-1415 (
  The pkinit_check_kdc_pkid function in
  plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation
  in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before
  1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during
  extraction of fields from an X.509 certificate, which allows remote
  attackers to cause a denial of service (NULL pointer dereference and daemon
  crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
Comment 14 Agostino Sarubbo gentoo-dev 2013-03-06 10:28:03 UTC
sh stable
Comment 15 Tobias Heinlein (RETIRED) gentoo-dev 2013-03-24 19:41:12 UTC
Ready for vote, I vote NO.
Comment 16 Sean Amoss (RETIRED) gentoo-dev Security 2013-04-10 21:04:56 UTC
GLSA vote: no.

Closing noglsa.