Debian Bug report logs - #778647
krb5: CVE-2014-5355

Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debian.org>;

Reported by: Benjamin Kaduk <kaduk@MIT.EDU>

Date: Tue, 17 Feb 2015 21:12:01 UTC

Severity: normal

Tags: fixed-upstream, security, upstream

Found in version krb5/1.8.3+dfsg-4

Fixed in version krb5/1.12.1+dfsg-18

Done: Benjamin Kaduk <kaduk@mit.edu>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, unknown-package@qa.debian.org:
Bug#778647; Package libkrb5. (Tue, 17 Feb 2015 21:12:06 GMT)


Acknowledgement sent to Benjamin Kaduk <kaduk@MIT.EDU>:
New Bug report received and forwarded. Copy sent to unknown-package@qa.debian.org. (Tue, 17 Feb 2015 21:12:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Benjamin Kaduk <kaduk@MIT.EDU>
To: submit@bugs.debian.org
Subject: CVE-2014-5355 in libkrb5
Date: Tue, 17 Feb 2015 16:09:08 -0500 (EST)

package: libkrb5
version: 1.8.3+dfsg-4
tags: security

From upstream's commit message with the fix:

    CVE-2014-5355:

    In MIT krb5, when a server process uses the krb5_recvauth function, an
    unauthenticated remote attacker can cause a NULL dereference by
    sending a zero-byte version string, or a read beyond the end of
    allocated storage by sending a non-null-terminated version string.
    The example user-to-user server application (uuserver) is similarly
    vulnerable to a zero-length or non-null-terminated principal name
    string.

    The krb5_recvauth function reads two version strings from the client
    using krb5_read_message(), which produces a krb5_data structure
    containing a length and a pointer to an octet sequence.  krb5_recvauth
    assumes that the data pointer is a valid C string and passes it to
    strcmp() to verify the versions.  If the client sends an empty octet
    sequence, the data pointer will be NULL and strcmp() will dereference
    a NULL pointer, causing the process to crash.  If the client sends a
    non-null-terminated octet sequence, strcmp() will read beyond the end
    of the allocated storage, possibly causing the process to crash.

    uuserver similarly uses krb5_read_message() to read a client principal
    name, and then passes it to printf() and krb5_parse_name() without
    verifying that it is a valid C string.

    The krb5_recvauth function is used by kpropd and the Kerberized
    versions of the BSD rlogin and rsh daemons.  These daemons are usually
    run out of inetd or in a mode which forks before processing incoming
    connections, so a process crash will generally not result in a
    complete denial of service.

    Thanks to Tim Uglow for discovering this issue.

    CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C
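
The check the commit message says was missing, as an added example (not upstream's patch and not code from this bug report): a length-plus-pointer buffer is validated as a single NUL-terminated string before any C string function touches it, which covers both the version strings and the uuserver principal name. `struct msg_data`, `is_cstring`, `version_ok` and the `check_*` helpers are hypothetical names, and `EXPECTED_VERSION` is a sample value.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for krb5_data: a byte count plus a pointer to raw octets.
 * data is NULL when the peer sent a zero-length message. */
struct msg_data { unsigned int length; const char *data; };

/* Sample expected value for this example, sent with its trailing NUL. */
static const char EXPECTED_VERSION[] = "KRB5_SENDAUTH_V1.0";

/* The pattern the commit message describes, kept only for contrast:
 * NULL data is dereferenced, and unterminated data is read past its end. */
int version_ok_unsafe(const struct msg_data *in)
{
    return strcmp(in->data, EXPECTED_VERSION) == 0;
}

/* True only if the octets form exactly one NUL-terminated C string:
 * non-empty, and the first NUL is the final octet. */
int is_cstring(const struct msg_data *in)
{
    if (in == NULL || in->data == NULL || in->length == 0)
        return 0;
    return memchr(in->data, '\0', in->length) == in->data + in->length - 1;
}

/* strcmp() runs only after the buffer is known to be a C string. */
int version_ok(const struct msg_data *in)
{
    return is_cstring(in) && strcmp(in->data, EXPECTED_VERSION) == 0;
}

/* Constructed inputs for the two cases named in the advisory. */
int check_valid(void)
{
    struct msg_data m = { sizeof(EXPECTED_VERSION), EXPECTED_VERSION };
    return version_ok(&m);
}

int check_empty(void)
{
    struct msg_data m = { 0, NULL };
    return version_ok(&m);
}

int check_unterminated(void)
{
    char raw[sizeof(EXPECTED_VERSION) - 1];   /* no room for the NUL */
    struct msg_data m = { sizeof(raw), raw };
    memcpy(raw, EXPECTED_VERSION, sizeof(raw));
    return version_ok(&m);
}

int main(void)
{
    printf("valid=%d empty=%d unterminated=%d\n", check_valid(), check_empty(), check_unterminated());
    return 0;
}
```

The same `is_cstring` gate applies before handing a received principal name to `printf()` or a parser.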




Bug reassigned from package 'libkrb5' to 'src:krb5'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 17 Feb 2015 21:21:09 GMT)


No longer marked as found in versions 1.8.3+dfsg-4. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 17 Feb 2015 21:21:10 GMT)


Marked as found in versions krb5/1.8.3+dfsg-4. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 17 Feb 2015 21:21:11 GMT)


Added tag(s) upstream and fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 17 Feb 2015 21:21:12 GMT)


Changed Bug title to 'krb5: CVE-2014-5355' from 'CVE-2014-5355 in libkrb5'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 17 Feb 2015 21:21:13 GMT)


Reply sent to Benjamin Kaduk <kaduk@mit.edu>:
You have taken responsibility. (Wed, 18 Feb 2015 18:24:10 GMT)


Notification sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Bug acknowledged by developer. (Wed, 18 Feb 2015 18:24:10 GMT)


Message #20 received at 778647-close@bugs.debian.org:

From: Benjamin Kaduk <kaduk@mit.edu>
To: 778647-close@bugs.debian.org
Subject: Bug#778647: fixed in krb5 1.12.1+dfsg-18
Date: Wed, 18 Feb 2015 18:20:01 +0000
Source: krb5
Source-Version: 1.12.1+dfsg-18

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 778647@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Benjamin Kaduk <kaduk@mit.edu> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 18 Feb 2015 12:52:14 -0500
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit9 libkadm5clnt-mit9 libk5crypto3 libkdb5-7 libkrb5support0 libkrad0 krb5-gss-samples krb5-locales libkrad-dev
Architecture: source all amd64
Version: 1.12.1+dfsg-18
Distribution: unstable
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Benjamin Kaduk <kaduk@mit.edu>
Description:
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-otp   - OTP plugin for MIT Kerberos
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit9 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit9 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-7  - MIT Kerberos runtime libraries - Kerberos database
 libkrad-dev - MIT Kerberos RADIUS Library Development
 libkrad0   - MIT Kerberos runtime libraries - RADIUS library
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 778647
Changes:
 krb5 (1.12.1+dfsg-18) unstable; urgency=high
 .
   * Import upstream patch for CVE-2014-5355, Closes: #778647




Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>:
Bug#778647; Package src:krb5. (Wed, 18 Feb 2015 19:09:09 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>. (Wed, 18 Feb 2015 19:09:09 GMT)


Message #25 received at 778647@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Benjamin Kaduk <kaduk@MIT.EDU>
Cc: 778647@bugs.debian.org
Subject: Re: Bug#778647 closed by Benjamin Kaduk <kaduk@mit.edu> (Bug#778647: fixed in krb5 1.12.1+dfsg-18)
Date: Wed, 18 Feb 2015 20:06:26 +0100

Hi Benjamin,

On Wed, Feb 18, 2015 at 06:24:10PM +0000, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the src:krb5 package:
> 
> #778647: krb5: CVE-2014-5355
> 
> It has been closed by Benjamin Kaduk <kaduk@mit.edu>.
[...]
>  krb5 (1.12.1+dfsg-18) unstable; urgency=high
>  .
>    * Import upstream patch for CVE-2014-5355, Closes: #778647

Thank you! Can you also ask for an unblock of it to the Release Team,
so that this fix can go as well into jessie?

Regards,
Salvatore

Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>:
Bug#778647; Package src:krb5. (Wed, 18 Feb 2015 19:12:14 GMT)


Acknowledgement sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>. (Wed, 18 Feb 2015 19:12:14 GMT)


Message #30 received at 778647@bugs.debian.org:

From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 778647@bugs.debian.org
Subject: Re: Bug#778647 closed by Benjamin Kaduk <kaduk@mit.edu> (Bug#778647: fixed in krb5 1.12.1+dfsg-18)
Date: Wed, 18 Feb 2015 14:08:43 -0500 (EST)

On Wed, 18 Feb 2015, Salvatore Bonaccorso wrote:

> Hi Benjamin,
>
> On Wed, Feb 18, 2015 at 06:24:10PM +0000, Debian Bug Tracking System wrote:
> > This is an automatic notification regarding your Bug report
> > which was filed against the src:krb5 package:
> >
> > #778647: krb5: CVE-2014-5355
> >
> > It has been closed by Benjamin Kaduk <kaduk@mit.edu>.
> [...]
> >  krb5 (1.12.1+dfsg-18) unstable; urgency=high
> >  .
> >    * Import upstream patch for CVE-2014-5355, Closes: #778647
>
> Thank you! Can you also ask for an unblock of it to the Release Team,
> so that this fix can go as well into jessie?

Hi Salvatore,

I plan to do so; I was just going to wait a couple hours to make sure that
the buildds are happy with it, first.  (I had problems with 1.12.1+dfsg-13
of that nature, IIRC.)

-Ben



Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>:
Bug#778647; Package src:krb5. (Wed, 18 Feb 2015 20:09:07 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>. (Wed, 18 Feb 2015 20:09:07 GMT)


Message #35 received at 778647@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Benjamin Kaduk <kaduk@MIT.EDU>
Cc: 778647@bugs.debian.org
Subject: Re: Bug#778647 closed by Benjamin Kaduk <kaduk@mit.edu> (Bug#778647: fixed in krb5 1.12.1+dfsg-18)
Date: Wed, 18 Feb 2015 21:05:39 +0100

Hi Ben,

On Wed, Feb 18, 2015 at 02:08:43PM -0500, Benjamin Kaduk wrote:
> On Wed, 18 Feb 2015, Salvatore Bonaccorso wrote:
> 
> > Hi Benjamin,
> >
> > On Wed, Feb 18, 2015 at 06:24:10PM +0000, Debian Bug Tracking System wrote:
> > > This is an automatic notification regarding your Bug report
> > > which was filed against the src:krb5 package:
> > >
> > > #778647: krb5: CVE-2014-5355
> > >
> > > It has been closed by Benjamin Kaduk <kaduk@mit.edu>.
> > [...]
> > >  krb5 (1.12.1+dfsg-18) unstable; urgency=high
> > >  .
> > >    * Import upstream patch for CVE-2014-5355, Closes: #778647
> >
> > Thank you! Can you also ask for an unblock of it to the Release Team,
> > so that this fix can go as well into jessie?
> 
> Hi Salvatore,
> 
> I plan to do so; I was just going to wait a couple hours to make sure that
> the buildds are happy with it, first.  (I had problems with 1.12.1+dfsg-13
> of that nature, IIRC.)

Thanks for quick reply. Indeed makes sense!

Regards,
Salvatore



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 21 Mar 2015 07:26:31 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:03:44 2019; Machine Name: beach
