Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 649610 (CVE-2018-5729, CVE-2018-5730) - <app-crypt/mit-krb5-1.16-r2: two vulnerabilities with Kerberos LDAP database (CVE-2018-{5729,5730})
Summary: <app-crypt/mit-krb5-1.16-r2: two vulnerabilities with Kerberos LDAP database ...
Status: RESOLVED FIXED
Alias: CVE-2018-5729, CVE-2018-5730
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-05 09:05 UTC by Agostino Sarubbo
Modified: 2018-06-18 18:31 UTC (History)
1 user (show)

See Also:
Package list:
app-crypt/mit-krb5-1.16-r2
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2018-03-05 09:05:00 UTC
From https://bugzilla.redhat.com/show_bug.cgi?id=1551083:

A flaw was found in MIT krb5 1.6 or later, an authenticated kadmin user with permission to add principals to an LDAP Kerberos database can cause a null dereference in kadmind, or circumvent a DN 
container check, by supplying tagged data intended to be internal to the database module.


Reference:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869

Upstream patch:
https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1



From https://bugzilla.redhat.com/show_bug.cgi?id=1551082:

A flaw was found in MIT krb5 1.6 or later, an authenticated kadmin user with permission to add principals to an LDAP Kerberos database can circumvent a DN containership check by supplying both a 
"linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.


Reference:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869

Upstream patch:
https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Eray Aslan gentoo-dev 2018-04-13 07:08:40 UTC
Arches, please test and mark stable
=app-crypt/mit-krb5-1.16-r2

Target Keywords=alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86
Comment 2 Larry the Git Cow gentoo-dev 2018-04-14 16:28:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=57ab8b39b04c721a46bd13e751e154f93006ea17

commit 57ab8b39b04c721a46bd13e751e154f93006ea17
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-14 16:19:05 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-14 16:28:08 +0000

    app-crypt/mit-krb5: amd64 stable
    
    Bug: https://bugs.gentoo.org/649610
    Package-Manager: Portage-2.3.28, Repoman-2.3.9

 app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}
Comment 3 Larry the Git Cow gentoo-dev 2018-04-15 18:29:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1e14128f41ee993f0d861313849f4cbe1fe7e40

commit e1e14128f41ee993f0d861313849f4cbe1fe7e40
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-15 18:28:53 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-15 18:28:53 +0000

    app-crypt/mit-krb5: stable 1.16-r2 for ia64, bug #649610
    
    Bug: https://bugs.gentoo.org/649610
    Package-Manager: Portage-2.3.28, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-04-15 18:58:59 UTC
x86 stable
Comment 5 Larry the Git Cow gentoo-dev 2018-04-15 19:13:04 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e3458d65b6058e5d7b20eeb3f73679e3ce7c437

commit 8e3458d65b6058e5d7b20eeb3f73679e3ce7c437
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-15 19:12:54 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-15 19:12:54 +0000

    app-crypt/mit-krb5: stable 1.16-r2 for ppc64, bug #649610
    
    Bug: https://bugs.gentoo.org/649610
    Package-Manager: Portage-2.3.28, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc64"

 app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-04-21 09:17:02 UTC
arm stable
Comment 7 Matt Turner gentoo-dev 2018-04-22 20:20:28 UTC
hppa stable
Comment 8 Matt Turner gentoo-dev 2018-04-22 20:29:31 UTC
alpha stable
Comment 9 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-05-27 20:43:46 UTC
ppc stable
Comment 10 Larry the Git Cow gentoo-dev 2018-05-29 05:35:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f8add4b0c136d36326c4fd0b4bd9652d2f6c82b1

commit f8add4b0c136d36326c4fd0b4bd9652d2f6c82b1
Author:     Eray Aslan <eras@gentoo.org>
AuthorDate: 2018-05-29 05:35:10 +0000
Commit:     Eray Aslan <eras@gentoo.org>
CommitDate: 2018-05-29 05:35:10 +0000

    app-crypt/mit-krb5: remove vulnerable
    
    Bug: https://bugs.gentoo.org/649610
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 app-crypt/mit-krb5/mit-krb5-1.16.ebuild | 151 --------------------------------
 1 file changed, 151 deletions(-)
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2018-05-29 13:35:45 UTC
GLSA Vote: No
Comment 12 Larry the Git Cow gentoo-dev 2018-06-18 18:31:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7bbeb00ba4ff3e9d35fec18deb05597c3ee09b67

commit 7bbeb00ba4ff3e9d35fec18deb05597c3ee09b67
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-06-18 16:29:30 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-18 18:30:55 +0000

    app-crypt/mit-krb5: stable 1.16-r2 for sparc
    
    Bug: https://bugs.gentoo.org/649610
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)