| Summary: | Multiple vulnerabilities was found in krb5 | ||
|---|---|---|---|
| Product: | [ROSA-based products] ROSA Fresh | Reporter: | Zombie Ryushu <zombie.ryushu> |
| Component: | Packages from Main | Assignee: | Danila Leontiev <danila.leontiev> |
| Status: | RESOLVED FIXED | QA Contact: | Private ROSA Bugs <private-bugs> |
| Severity: | normal | ||
| Priority: | Normal | CC: | alex.burmashev, anton.peyter, dmitry.postnikov, dmitry.romashkin, v.potapov |
| Version: | Marathon | Flags: | v.potapov:
qa_verified+
danila.leontiev: secteam_verified+ alex.burmashev: published+ |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Platform: | --- | ROSA Vulnerability identifier: | |
| RPM Package: | krb5 | ISO-related: | |
| Bad POT generating: | Upstream: | ||
|
Description
Zombie Ryushu
2013-04-30 14:46:19 MSK
CVE-2013-1415 krb5: PKINIT null pointer deref leads to DoS (pkinit_check_kdc_pkid()) CVE-2013-1416 krb5: NULL pointer dereference (DoS, KDC crash) by processing certain TGS requests The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request (CVE-2013-1415). The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request (CVE-2013-1416). References: https://bugzilla.redhat.com/show_bug.cgi?id=914749 https://bugzilla.redhat.com/show_bug.cgi?id=949984 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416 Advisory: CVE-2013-1415 krb5: PKINIT null pointer deref leads to DoS (pkinit_check_kdc_pkid()) CVE-2013-1416 krb5: NULL pointer dereference (DoS, KDC crash) by processing certain TGS requests The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request (CVE-2013-1415). The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request (CVE-2013-1416). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416 Buildlists: https://abf.rosalinux.ru/build_lists/1197934 https://abf.rosalinux.ru/build_lists/1197933 (64) The package route to extended testing 404 krb5-1.9.1-5-rosa.lts2012.0 ****************** Advisory ********************* Security updates: CVE-2013-1415 krb5: PKINIT null pointer deref leads to DoS (pkinit_check_kdc_pkid()) CVE-2013-1416 krb5: NULL pointer dereference (DoS, KDC crash) by processing certain TGS requests ************************************************* QA Verified |