From ${URL} : An authenticated remote attacker can retrieve the current keys for a service principal when generating a new set of keys for that principal. The attacker needs to be authenticated as a user who has the elevated privilege for randomizing the keys of other principals. Normally, when a Kerberos administrator randomizes the keys of a service principal, kadmind returns only the new keys. This prevents an administrator who lacks legitimate privileged access to a service from forging tickets to authenticate to that service. If the "keepold" flag to the kadmin randkey RPC operation is true, kadmind retains the old keys in the KDC database as intended, but also unexpectedly returns the old keys to the client, which exposes the service to ticket forgery attacks from the administrator. A mitigating factor is that legitimate clients of the affected service will start failing to authenticate to the service once they begin to receive service tickets encrypted in the new keys. The affected service will be unable to decrypt the newly issued tickets, possibly alerting the legitimate administrator of the affected service. "" Upstream patch: https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca References: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
This is Fixed in version: 1.13 (currently in testing) http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Arches, please test and mark stable =app-crypt/mit-krb5-1.13. Thank you. Target Keywords="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
I guess this has to be STABLEREQ, not KEYWORDREQ.
Stable for HPPA.
arm stable
amd64 stable
x86 stable
ppc stable
ppc64 stable
ia64 stable
Stable on alpha.
sparc stable GLSA vote: yes. @maintainers, please cleanup.
CVE-2014-5351 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5351): The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
Added to existing glsa draft
This issue was resolved and addressed in GLSA 201412-53 at http://security.gentoo.org/glsa/glsa-201412-53.xml by GLSA coordinator Mikle Kolyada (Zlogene).
