Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 519518 (CVE-2014-4345) - <app-crypt/mit-krb5-1.12.2: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001) (CVE-2014-4345)
Summary: <app-crypt/mit-krb5-1.12.2: buffer overrun in kadmind with LDAP backend (MITK...
Alias: CVE-2014-4345
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Reported: 2014-08-09 17:15 UTC by Agostino Sarubbo
Modified: 2014-12-31 14:56 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-08-09 17:15:04 UTC
From ${URL} :

Upstream released advisory [1] which fixes out-of-bounds write (buffer overflow)
Summary from the advisory:
In MIT krb5, when kadmind is configured to use LDAP for the KDC
database, an authenticated remote attacker can cause it to perform an
out-of-bounds write (buffer overflow).  This is not a protocol
vulnerability.  Using LDAP for the KDC database is a non-default
configuration for the KDC.

Further technical details and patches are available on the advisory page as well.

External References:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Eray Aslan gentoo-dev 2014-08-13 14:03:06 UTC
+*mit-krb5-1.12.2 (13 Aug 2014)
+  13 Aug 2014; Eray Aslan <> +mit-krb5-1.12.2.ebuild:
+  Security bump - bug #519518

Arches, please test and mark stabile =app-crypt/mit-krb5-1.12.2.  Thank you.

Target keywords: "alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86"
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2014-08-14 00:12:09 UTC
Stable for HPPA.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-08-16 20:07:00 UTC
CVE-2014-4345 (
  Off-by-one error in the krb5_encode_krbsecretkey function in
  plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in
  kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and
  1.12.x before 1.12.2 allows remote authenticated users to cause a denial of
  service (buffer overflow) or possibly execute arbitrary code via a series of
  "cpw -keepold" commands.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-08-16 20:10:47 UTC
Arches, please test and mark stable:


Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 spark x86"

Thank you!
Comment 5 Agostino Sarubbo gentoo-dev 2014-08-19 06:43:26 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2014-08-19 06:44:12 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2014-08-19 07:36:39 UTC
ia64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2014-08-19 08:49:29 UTC
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2014-08-21 09:46:29 UTC
ppc stable
Comment 10 Agostino Sarubbo gentoo-dev 2014-08-24 09:03:02 UTC
alpha stable
Comment 11 Agostino Sarubbo gentoo-dev 2014-08-24 09:04:29 UTC
arm stable
Comment 12 Agostino Sarubbo gentoo-dev 2014-09-19 10:35:17 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2014-12-31 14:56:00 UTC
This issue was resolved and addressed in
 GLSA 201412-53 at
by GLSA coordinator Mikle Kolyada (Zlogene).