Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

krb5: CVE-2018-5729 CVE-2018-5730

Related Vulnerabilities: CVE-2018-5729   CVE-2018-5730  

Source

Debian Bug report logs - #891869
krb5: CVE-2018-5729 CVE-2018-5730

version graph

Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 1 Mar 2018 21:00:02 UTC

Severity: important

Tags: patch, security, upstream

Merged with 889685

Found in versions krb5/1.7dfsg~beta1-1, krb5/1.16-2

Fixed in version krb5/1.16.1-1

Done: Sam Hartman <hartmans@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Sam Hartman <hartmans@debian.org>:
Bug#891869; Package src:krb5. (Thu, 01 Mar 2018 21:00:05 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Sam Hartman <hartmans@debian.org>. (Thu, 01 Mar 2018 21:00:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: krb5: CVE-2018-5729 CVE-2018-5730
Date: Thu, 01 Mar 2018 21:56:10 +0100
Source: krb5
Version: 1.7dfsg~beta1-1
Severity: important
Tags: patch security upstream

Hi,

the following vulnerabilities were published for krb5.

CVE-2018-5729[0]:
|In MIT krb5 1.6 or later, an authenticated kadmin user with permission
|to add principals to an LDAP Kerberos database can cause a null
|dereference in kadmind, or circumvent a DN container check, by
|supplying tagged data intended to be internal to the database module.
|Thanks to Sharwan Ram and Pooja Anil for discovering the potential
|null dereference.

CVE-2018-5730[1]:
|In MIT krb5 1.6 or later, an authenticated kadmin user with permission
|to add principals to an LDAP Kerberos database can circumvent a DN
|containership check by supplying both a "linkdn" and "containerdn"
|database argument, or by supplying a DN string which is a left
|extension of a container DN string but is not hierarchically within
|the container DN.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see (but not much, most information is only in
the upstream commit):

[0] https://security-tracker.debian.org/tracker/CVE-2018-5729
[1] https://security-tracker.debian.org/tracker/CVE-2018-5730

Regards,
Salvatore

Marked as found in versions krb5/1.16-2. Request was from Benjamin Kaduk <kaduk@mit.edu> to control@bugs.debian.org. (Sun, 29 Apr 2018 17:30:04 GMT) (full text, mbox, link).

Merged 889685 891869 Request was from Benjamin Kaduk <kaduk@mit.edu> to control@bugs.debian.org. (Sun, 29 Apr 2018 17:30:06 GMT) (full text, mbox, link).

Added tag(s) pending. Request was from Sam Hartman <hartmans@debian.org> to control@bugs.debian.org. (Tue, 17 Jul 2018 12:30:03 GMT) (full text, mbox, link).

Reply sent to Sam Hartman <hartmans@debian.org>:
You have taken responsibility. (Wed, 03 Oct 2018 14:45:08 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 03 Oct 2018 14:45:08 GMT) (full text, mbox, link).

Message #16 received at 891869-close@bugs.debian.org (full text, mbox, reply):

From: Sam Hartman <hartmans@debian.org>
To: 891869-close@bugs.debian.org
Subject: Bug#891869: fixed in krb5 1.16.1-1
Date: Wed, 03 Oct 2018 14:42:12 +0000
Source: krb5
Source-Version: 1.16.1-1

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 891869@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman <hartmans@debian.org> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 16 Jul 2018 20:09:54 -0400
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-kpropd krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-k5tls krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit11 libkadm5clnt-mit11 libk5crypto3 libkdb5-9 libkrb5support0 libkrad0 krb5-gss-samples krb5-locales libkrad-dev
Architecture: source
Version: 1.16.1-1
Distribution: unstable
Urgency: medium
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Sam Hartman <hartmans@debian.org>
Description:
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-k5tls - TLS plugin for MIT Kerberos
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-kpropd - MIT Kerberos key server (Slave KDC Support)
 krb5-locales - internationalization support for MIT Kerberos
 krb5-multidev - development files for MIT Kerberos without Heimdal conflict
 krb5-otp   - OTP plugin for MIT Kerberos
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit11 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit11 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-9  - MIT Kerberos runtime libraries - Kerberos database
 libkrad-dev - MIT Kerberos RADIUS Library Development
 libkrad0   - MIT Kerberos runtime libraries - RADIUS library
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - debugging files for MIT Kerberos
 libkrb5-dev - headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 660767 887937 891869
Changes:
 krb5 (1.16.1-1) unstable; urgency=medium
 .
   * New upstream release
     - Fix flaws in LDAP DN checking, including a null dereference KDC
     crash which could be triggered by kadmin clients with administrative
     privileges [CVE-2018-5729, CVE-2018-5730], Closes: #891869
   * Install kerberos.openldap.ldif, which is probably more useful than
     kerberos.ldif if you're hoping to use the Kerberos schema on Debian.
     Also, the bugs in kerberos.ldif have been corrected; Closes: #660767
   * Suggest krb5-k5tls from krb5-user, Closes: #887937
   * Merge dep8 tests, thanks Canonical  and Andreas Hasenack (LP:
     #1677881)
Checksums-Sha1:
 4f32dc314a81b1c116b0722fad433df4755afe25 3318 krb5_1.16.1-1.dsc
 8353f2d900a7d52499c7c2605d5e295f71dd5e67 9477480 krb5_1.16.1.orig.tar.gz
 792dba93a577693e02be94b46b2ba998283a1e14 97608 krb5_1.16.1-1.debian.tar.xz
Checksums-Sha256:
 1f8cc61d7b29ba4887de0c17504aa64206207da6e46af50eecaef6d0e50a3dfd 3318 krb5_1.16.1-1.dsc
 214ffe394e3ad0c730564074ec44f1da119159d94281bbec541dc29168d21117 9477480 krb5_1.16.1.orig.tar.gz
 3881aefff33f5bfb54c96b1ccd5b20ded07d9890d8dc253acfc260e48d985236 97608 krb5_1.16.1-1.debian.tar.xz
Files:
 890fc0bc22d1e6150c358477812edb1a 3318 net optional krb5_1.16.1-1.dsc
 848e9b80d6aaaa798e3f3df24b83c407 9477480 net optional krb5_1.16.1.orig.tar.gz
 0935eb1e12e404a9a0c3cc7c2ce7c500 97608 net optional krb5_1.16.1-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE9Li3nMNy++OFgPTCQe7SUh/WssoFAluzj+cACgkQQe7SUh/W
sspa7Af+PLvROWCMRO3IK5L1J6cL0im5wQOCiKMh069X3CLOOXQ0inQxo3A8RA4y
tZfQ20RW3C1V64BkTDq8qoVATfMRLANx1DqSqja2p0vULySBnnHUKkKD8C/fEJ1x
wL5/MGf0HCG/K7fHHAawdQs0zn1TLaYf/JKkoQMXzaE87l6c8iOrNanz8rRf53uB
G35wisFYrn0hQXCPER3VDamJZkBY97QezGQCqk5vH2UBrWSdtkSSdnZu5gxAnGLz
HHVpNuIL5l1yiuMaPD7R2WAjI7dR7WR4iWrIyJaDoJX5+0NUqgX6y/wOz4T8ohna
s8xTVeIgnEjyqZ60fBrfvPABiplCYw==
=tWNz
-----END PGP SIGNATURE-----

Reply sent to Sam Hartman <hartmans@debian.org>:
You have taken responsibility. (Wed, 03 Oct 2018 14:45:09 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 03 Oct 2018 14:45:09 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 06 Nov 2018 07:39:11 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:00:02 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started