CVE-2014-5353: misused policy name crashes KDC

Related Vulnerabilities: CVE-2014-5353   CVE-2014-5354  

Debian Bug report logs - #773226


Reported by: Benjamin Kaduk <kaduk@MIT.EDU>

Date: Mon, 15 Dec 2014 20:09:06 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in versions krb5/1.8.3+dfsg-4squeeze7, krb5/1.8.3+dfsg-4

Fixed in version krb5/1.12.1+dfsg-16

Done: Benjamin Kaduk <kaduk@mit.edu>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>:
Bug#773226; Package krb5-kdc-ldap. (Mon, 15 Dec 2014 20:09:11 GMT)


Acknowledgement sent to Benjamin Kaduk <kaduk@MIT.EDU>:
New Bug report received and forwarded. Copy sent to Sam Hartman <hartmans@debian.org>. (Mon, 15 Dec 2014 20:09:11 GMT)


Message #5 received at submit@bugs.debian.org:

From: Benjamin Kaduk <kaduk@MIT.EDU>
To: submit@bugs.debian.org
Subject: CVE-2014-5353: misused policy name crashes KDC
Date: Mon, 15 Dec 2014 15:06:42 -0500 (EST)

package: krb5-kdc-ldap
version: 1.8.3+dfsg-4squeeze7
tags: security pending

Upstream has patched CVE-2014-5353:

    In MIT krb5, when kadmind is configured to use LDAP for the KDC
    database, an authenticated remote attacker can cause a NULL dereference
    by attempting to use a named ticket policy object as a password policy
    for a principal.  The attacker needs to be authenticated as a user who
    has the elevated privilege for setting password policy by adding or
    modifying principals.

    Queries to LDAP scoped to the krbPwdPolicy object class will correctly
    not return entries of other classes, such as ticket policy objects, but
    may return success with no returned elements if an object with the
    requested DN exists in a different object class.  In this case, the
    routine to retrieve a password policy returned success with a password
    policy object that consisted entirely of zeroed memory.  In particular,
    accesses to the policy name will dereference a NULL pointer.  KDC
    operation does not access the policy name field, but most kadmin
    operations involving the principal with incorrect password policy
    will trigger the crash.

    Thanks to Patrik Kis for reporting this problem.

    CVSSv2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C/E:H/RL:OF/RC:C
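The failure mode the advisory describes is a general one: a directory search scoped to one object class succeeds (the DN exists) but returns no entries, and the lookup routine treats that as success and hands its caller a zero-filled structure. The following C program is an added illustration, not MIT krb5 code and not the upstream patch. The in-memory "directory", the DNs, the policy names, and every function name (search_pwd_policy, get_policy_vulnerable, get_policy_fixed and the two probe helpers) are constructed for this example; the vulnerable routine reproduces the behaviour quoted above, and the hardened one returns a not-found error whenever the search matched no krbPwdPolicy object, so no caller ever receives a policy whose name pointer is NULL.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the KDC's LDAP tree (not a real LDAP client): one
 * krbPwdPolicy and one krbTicketPolicy object.  DNs and names are made up. */
struct dir_entry {
    const char *dn;
    const char *object_class;
    const char *policy_name;   /* present only on krbPwdPolicy objects */
};
static const struct dir_entry directory[] = {
    { "cn=strong,cn=EXAMPLE.COM,cn=krbcontainer", "krbPwdPolicy",    "strong" },
    { "cn=tktpol,cn=EXAMPLE.COM,cn=krbcontainer", "krbTicketPolicy", NULL },
};
#define PWD_DN "cn=strong,cn=EXAMPLE.COM,cn=krbcontainer"
#define TKT_DN "cn=tktpol,cn=EXAMPLE.COM,cn=krbcontainer"

struct pwd_policy {
    char *name;   /* the field a kadmin-style caller dereferences */
};

/* Models a base-scoped search on dn with filter (objectClass=krbPwdPolicy):
 * returns 0 whenever dn exists, with *match NULL if dn belongs to another
 * object class ("success with no returned elements"); ENOENT if dn is unknown. */
static int search_pwd_policy(const char *dn, const struct dir_entry **match)
{
    *match = NULL;
    for (size_t i = 0; i < sizeof directory / sizeof directory[0]; i++) {
        if (strcmp(directory[i].dn, dn) != 0)
            continue;
        if (strcmp(directory[i].object_class, "krbPwdPolicy") == 0)
            *match = &directory[i];
        return 0;
    }
    return ENOENT;
}

/* Vulnerable pattern from the advisory: the empty result is passed through as
 * success, so the caller receives a zero-filled policy whose name is NULL. */
static int get_policy_vulnerable(const char *dn, struct pwd_policy **out)
{
    const struct dir_entry *ent;
    struct pwd_policy *pol;
    int st = search_pwd_policy(dn, &ent);
    if (st != 0)
        return st;
    if ((pol = calloc(1, sizeof *pol)) == NULL)
        return ENOMEM;
    if (ent != NULL)               /* BUG: ent == NULL is not treated as an error */
        pol->name = strdup(ent->policy_name);
    *out = pol;
    return 0;
}

/* Hardened pattern: a search that matched no krbPwdPolicy object is reported
 * as "not found"; a policy is only returned once its name is populated. */
static int get_policy_fixed(const char *dn, struct pwd_policy **out)
{
    const struct dir_entry *ent;
    struct pwd_policy *pol;
    int st = search_pwd_policy(dn, &ent);
    if (st != 0)
        return st;
    if (ent == NULL)
        return ENOENT;             /* dn exists but is not a password policy */
    if ((pol = calloc(1, sizeof *pol)) == NULL)
        return ENOMEM;
    if ((pol->name = strdup(ent->policy_name)) == NULL) {
        free(pol);
        return ENOMEM;
    }
    *out = pol;
    return 0;
}

static void free_policy(struct pwd_policy *pol)
{
    if (pol == NULL)
        return;
    free(pol->name);
    free(pol);
}

/* 1 if the vulnerable lookup reports success for dn yet hands back a policy
 * with a NULL name: the state just before a caller would crash on it. */
static int vulnerable_gives_null_name(const char *dn)
{
    struct pwd_policy *pol = NULL;
    int bad = (get_policy_vulnerable(dn, &pol) == 0 && pol->name == NULL);
    free_policy(pol);
    return bad;
}

/* Status the hardened lookup returns for dn (ENOENT for a ticket policy). */
static int fixed_status(const char *dn)
{
    struct pwd_policy *pol = NULL;
    int st = get_policy_fixed(dn, &pol);
    free_policy(pol);
    return st;
}
```

The design point is that "the search succeeded" and "the object I asked for exists" are different conditions: a class-filtered query against an existing DN of the wrong class is the edge case, and the hardened routine checks the result count explicitly instead of relying on the zeroed structure being harmless. The same check applies to any lookup layer that returns success plus an empty result set.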




Added tag(s) upstream and fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 15 Dec 2014 20:21:17 GMT)


Marked as found in versions krb5/1.8.3+dfsg-4. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 15 Dec 2014 20:21:18 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>:
Bug#773226; Package krb5-kdc-ldap. (Mon, 15 Dec 2014 20:24:04 GMT)


Acknowledgement sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>. (Mon, 15 Dec 2014 20:24:05 GMT)


Message #14 received at 773226@bugs.debian.org:

From: Benjamin Kaduk <kaduk@MIT.EDU>
To: 773226@bugs.debian.org
Subject: Re: Bug#773226: CVE-2014-5353: misused policy name crashes KDC
Date: Mon, 15 Dec 2014 15:20:01 -0500 (EST)

control: severity -1 important

Sigh, failed to set severity in the initial report.



Severity set to 'important' from 'normal'. Request was from Benjamin Kaduk <kaduk@MIT.EDU> to 773226-submit@bugs.debian.org. (Mon, 15 Dec 2014 20:24:05 GMT)


Reply sent to Benjamin Kaduk <kaduk@mit.edu>:
You have taken responsibility. (Tue, 16 Dec 2014 21:24:10 GMT)


Notification sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Bug acknowledged by developer. (Tue, 16 Dec 2014 21:24:10 GMT)


Message #21 received at 773226-close@bugs.debian.org:

From: Benjamin Kaduk <kaduk@mit.edu>
To: 773226-close@bugs.debian.org
Subject: Bug#773226: fixed in krb5 1.12.1+dfsg-16
Date: Tue, 16 Dec 2014 21:20:36 +0000

Source: krb5
Source-Version: 1.12.1+dfsg-16

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 773226@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Benjamin Kaduk <kaduk@mit.edu> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 15 Dec 2014 16:18:26 -0500
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit9 libkadm5clnt-mit9 libk5crypto3 libkdb5-7 libkrb5support0 libkrad0 krb5-gss-samples krb5-locales libkrad-dev
Architecture: source all amd64
Version: 1.12.1+dfsg-16
Distribution: unstable
Urgency: medium
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Benjamin Kaduk <kaduk@mit.edu>
Description:
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-otp   - OTP plugin for MIT Kerberos
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit9 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit9 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-7  - MIT Kerberos runtime libraries - Kerberos database
 libkrad-dev - MIT Kerberos RADIUS Library Development
 libkrad0   - MIT Kerberos runtime libraries - RADIUS library
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 773226 773228
Changes:
 krb5 (1.12.1+dfsg-16) unstable; urgency=medium
 .
   * Import upstream patches for CVE-2014-5353 and CVE-2014-5354,
     Closes: #773226, Closes: #773228
Checksums-Sha1:
 53ae09e5eef1fcc30a08d3516a994c3cabfeb9b7 3173 krb5_1.12.1+dfsg-16.dsc
 5829623240e2363877018cb5ff06dd372c94e32e 108352 krb5_1.12.1+dfsg-16.debian.tar.xz
 0e1e5e3019ec376deb12387c4d77e704f675f908 4687506 krb5-doc_1.12.1+dfsg-16_all.deb
 781f7de3230e0f7de40efa7ea79909c5d64150c4 2647968 krb5-locales_1.12.1+dfsg-16_all.deb
 89a5eedcbf1bd802df5fd4305cc3bcd3b2985df4 136770 krb5-user_1.12.1+dfsg-16_amd64.deb
 70c6729f0b1e81650d2ea612026981c5fc061d68 208716 krb5-kdc_1.12.1+dfsg-16_amd64.deb
 ce10af2f1499fe482c5e9c71f6f6349f5e021a1b 110594 krb5-kdc-ldap_1.12.1+dfsg-16_amd64.deb
 2161bff4c3216afb3f244cafa9eeaa3f1502da14 112774 krb5-admin-server_1.12.1+dfsg-16_amd64.deb
 0b3b950641204fc10d22da0950a98144ae9f22f4 144342 krb5-multidev_1.12.1+dfsg-16_amd64.deb
 90802af325f021816aa617dd07ff9353ee9fc750 41932 libkrb5-dev_1.12.1+dfsg-16_amd64.deb
 712f7bc9a017c12943490de89fc97681aa89ede4 1420824 libkrb5-dbg_1.12.1+dfsg-16_amd64.deb
 88985aeabeaf0e10f363aa6537d180b01f06b68f 83110 krb5-pkinit_1.12.1+dfsg-16_amd64.deb
 3a4f985101c8a34e1a4fe2c9904b76e4d15d6348 47556 krb5-otp_1.12.1+dfsg-16_amd64.deb
 c6a2c5f9d87c075e59e5ca07beee415b79f4f856 302324 libkrb5-3_1.12.1+dfsg-16_amd64.deb
 a33da0237b7ed368918e2d868cbb7d9fef3239b8 150396 libgssapi-krb5-2_1.12.1+dfsg-16_amd64.deb
 03bdf73fd3524b465c20f68de96040a4b9fb11d2 85574 libgssrpc4_1.12.1+dfsg-16_amd64.deb
 489f1544b9e9a1ca920f4d48bfcf83400c9b20cc 82294 libkadm5srv-mit9_1.12.1+dfsg-16_amd64.deb
 fa9b984b0187a545b21dffeb0aa2adb76597266c 67672 libkadm5clnt-mit9_1.12.1+dfsg-16_amd64.deb
 080fe8af439ddc132891adea838d1679cb949f92 114246 libk5crypto3_1.12.1+dfsg-16_amd64.deb
 b9fabbdafd8e805bcb4df29b77f804b7fab769a1 67844 libkdb5-7_1.12.1+dfsg-16_amd64.deb
 4e6711d6b1be1f76ebc376408cde84e51662ff20 58348 libkrb5support0_1.12.1+dfsg-16_amd64.deb
 bd73c9b28862aef66fb67655852a1c1ff81d40e6 51992 libkrad0_1.12.1+dfsg-16_amd64.deb
 1fdf86d082e54776c5d76f880e73ff055dae6993 55228 krb5-gss-samples_1.12.1+dfsg-16_amd64.deb
 a062b091aad980b6643042d475e82a2a5a46c95b 42406 libkrad-dev_1.12.1+dfsg-16_amd64.deb
Checksums-Sha256:
 f347c9401d56a076177146ba2b8b1e0860e0b9345c8d6fabb661f0701adcdbc9 3173 krb5_1.12.1+dfsg-16.dsc
 21a5ad7d0839c202760d4c091faa8d0338e1ab430c1cf8f99c5d7bb8aeeff39b 108352 krb5_1.12.1+dfsg-16.debian.tar.xz
 044c25a6212fbbf2947e705fc55b808e2ced710227486e7ee4df31389f893ace 4687506 krb5-doc_1.12.1+dfsg-16_all.deb
 de05f12a68c8a44b1688d0652eddfa3a20beb05cc1e6ddce9c90e83070318211 2647968 krb5-locales_1.12.1+dfsg-16_all.deb
 dbddf84c3bbd2d3413413dd5dbf43a1b2d3ab19000f704acb6edb981dcb709f7 136770 krb5-user_1.12.1+dfsg-16_amd64.deb
 74cdbb40f125f6cbdbd68504c0d626029a77eb33399a1288ad685b0529eaede7 208716 krb5-kdc_1.12.1+dfsg-16_amd64.deb
 e5a5bdb47e6f720aa6f198f252ebc156f1d8eb47c5fe2006798f62ab65ab6045 110594 krb5-kdc-ldap_1.12.1+dfsg-16_amd64.deb
 5e7bc7f92273c00294a3b582c1830bcaa9fb0d0da08c1b6a231f33175a40ae71 112774 krb5-admin-server_1.12.1+dfsg-16_amd64.deb
 ac6d77667b9d16cd82c172f3271ebade356aca2140eea1428fa686e620d4ac46 144342 krb5-multidev_1.12.1+dfsg-16_amd64.deb
 523e67e4ec22c5c7ac45b8aa00db854241d27fadb8af434e748aff71971071b7 41932 libkrb5-dev_1.12.1+dfsg-16_amd64.deb
 e8110222863eee3b2bc1c36e1ca7638a92ccf7d1994504168bdd9b7f58c29b9f 1420824 libkrb5-dbg_1.12.1+dfsg-16_amd64.deb
 f91698d86ef3e6a8e3c5587f4f90f33bd358584169d300943ba563384007b23e 83110 krb5-pkinit_1.12.1+dfsg-16_amd64.deb
 5463c195115c27c8dbd9b3b8a82ddda22cd66bb602b64830120c72ca5ffaf693 47556 krb5-otp_1.12.1+dfsg-16_amd64.deb
 709f07ee36940f929f2c21c28ebd1ccdc6bf0b708dd7b39080efc9c4e54148e8 302324 libkrb5-3_1.12.1+dfsg-16_amd64.deb
 fde1cd339a3b6be13d322b3a8baa5732656215ae4f1363c6dbc5e280b5f9948f 150396 libgssapi-krb5-2_1.12.1+dfsg-16_amd64.deb
 b383747536d22c87cfa74470e291f8df5d558c6a1cba418d39fb2753780ccad5 85574 libgssrpc4_1.12.1+dfsg-16_amd64.deb
 1cd6d4b48c374dba05d0f191f6ed05f7c5a5f85732c86a387f87e7b0782da2f8 82294 libkadm5srv-mit9_1.12.1+dfsg-16_amd64.deb
 3c093034c7fa7becbbbc04ac3fe360fb4746844f42517462306f801b22244edd 67672 libkadm5clnt-mit9_1.12.1+dfsg-16_amd64.deb
 2d7e131d69c740b6a3294b1e96d2bc7720454d5b2c2b03e07f8ead83040e4822 114246 libk5crypto3_1.12.1+dfsg-16_amd64.deb
 52ab8d668e5d645cf4ae1dc8792af49e8c98fd521e623877b9195da92e89cbce 67844 libkdb5-7_1.12.1+dfsg-16_amd64.deb
 5da2b3c42d9c5e15fd82f0c9fa062d92ba4c1a0713a659edec48ed99e6ad2574 58348 libkrb5support0_1.12.1+dfsg-16_amd64.deb
 f984f5a581d2296c508d542e941addb954039e67b4f2533bf320ce0b6f3b0a95 51992 libkrad0_1.12.1+dfsg-16_amd64.deb
 dffb84f53189a1eea485315cebecacb41576af804bf353421da25530b915f9a0 55228 krb5-gss-samples_1.12.1+dfsg-16_amd64.deb
 a7e0f7a3866df499ca740ce24f8deb70cadaf9c123d85a142a7d1b71df53d194 42406 libkrad-dev_1.12.1+dfsg-16_amd64.deb
Files:
 12151e3a944ae7c32cefdb50bdd703bd 3173 net standard krb5_1.12.1+dfsg-16.dsc
 d67428cb0a7086961f79dccd61b8a003 108352 net standard krb5_1.12.1+dfsg-16.debian.tar.xz
 8ad06bd9c2ef785a036dbb6d0bd0a71c 4687506 doc optional krb5-doc_1.12.1+dfsg-16_all.deb
 437b7adf79bf31facd04406fb10080ae 2647968 localization standard krb5-locales_1.12.1+dfsg-16_all.deb
 d41e43af1788a7b290181d27f87cc4b0 136770 net optional krb5-user_1.12.1+dfsg-16_amd64.deb
 50cdcc3e592cd54829a353eddde4f0bc 208716 net optional krb5-kdc_1.12.1+dfsg-16_amd64.deb
 a00d6dd881bd5eb85a7ecdf250dee698 110594 net extra krb5-kdc-ldap_1.12.1+dfsg-16_amd64.deb
 f1226ecb9aaf3a18bea2bfeac973e1aa 112774 net optional krb5-admin-server_1.12.1+dfsg-16_amd64.deb
 c6e098e3be54eb1cefc310a482750fad 144342 libdevel optional krb5-multidev_1.12.1+dfsg-16_amd64.deb
 d776f13a98e77d5b2b6385bc5ba2154b 41932 libdevel extra libkrb5-dev_1.12.1+dfsg-16_amd64.deb
 758ab9898e6965907eed4dd714e7cad6 1420824 debug extra libkrb5-dbg_1.12.1+dfsg-16_amd64.deb
 ff47666e542303e52335ce4116c1034c 83110 net extra krb5-pkinit_1.12.1+dfsg-16_amd64.deb
 14f5aa1f0d0d830168c2545c0c199aaa 47556 net extra krb5-otp_1.12.1+dfsg-16_amd64.deb
 1aa7c2ccb0c062ea8cd9cf36d0ce77a3 302324 libs standard libkrb5-3_1.12.1+dfsg-16_amd64.deb
 57c560fed573bbb93e214479aa0b95cc 150396 libs standard libgssapi-krb5-2_1.12.1+dfsg-16_amd64.deb
 9d5f80d330fb9d25960ade613cf3f237 85574 libs standard libgssrpc4_1.12.1+dfsg-16_amd64.deb
 c6a4c2fc037ebb862da4cf7c9e2ab815 82294 libs standard libkadm5srv-mit9_1.12.1+dfsg-16_amd64.deb
 2035929bd715bf395ba36deba349a376 67672 libs standard libkadm5clnt-mit9_1.12.1+dfsg-16_amd64.deb
 0ad0feadf2d678828659e546142f4382 114246 libs standard libk5crypto3_1.12.1+dfsg-16_amd64.deb
 ae6db56686dad646b5d984d5184d9ac2 67844 libs standard libkdb5-7_1.12.1+dfsg-16_amd64.deb
 6e9836d5f21576890e0fd37953484580 58348 libs standard libkrb5support0_1.12.1+dfsg-16_amd64.deb
 c1e2af0b0ade0ca99a8739569e3b2e3e 51992 libs standard libkrad0_1.12.1+dfsg-16_amd64.deb
 0ec6128c432be2688cf138b05edd6f2c 55228 net extra krb5-gss-samples_1.12.1+dfsg-16_amd64.deb
 afc55dd0a4f0794af9fe55ee0e5f8c1e 42406 libdevel extra libkrad-dev_1.12.1+dfsg-16_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>:
Bug#773226; Package krb5-kdc-ldap. (Tue, 16 Dec 2014 23:06:04 GMT)


Acknowledgement sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>. (Tue, 16 Dec 2014 23:06:04 GMT)


Message #26 received at 773226@bugs.debian.org:

From: Benjamin Kaduk <kaduk@MIT.EDU>
To: 773226@bugs.debian.org, 773228@bugs.debian.org
Subject: krb5 1.12.1+dfsg-16 is unblocked for jessie
Date: Tue, 16 Dec 2014 18:04:13 -0500 (EST)

I don't think we had noted in the BTS that the unblock request for this
version was #771106; in any case, jmw has entered in the needed britney
hint, so these fixes should migrate to jessie eventually.

I'll leave it to the security team to decide if they want to ask for the
package to be aged a bit to have it migrate sooner.

-Ben



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 19 Jan 2015 07:27:23 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:55:12 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.