Mandriva Linux Security Advisory 2013-157 - The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center in MIT Kerberos 5 before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. The updated packages have been patched to correct these issues.
199f5a10f9c3952ec28914507f3f5a6dc8411e3c44dfd7e08218fe1c6eb08789
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:157
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : krb5
Date : April 30, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in krb5:
The pkinit_check_kdc_pkid function in
plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT
implementation in the Key Distribution Center (KDC) in MIT Kerberos
5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not
properly handle errors during extraction of fields from an X.509
certificate, which allows remote attackers to cause a denial of
service (NULL pointer dereference and daemon crash) via a malformed
KRB5_PADATA_PK_AS_REQ AS-REQ request (CVE-2013-1415).
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution
Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not
properly perform service-principal realm referral, which allows
remote authenticated users to cause a denial of service (NULL
pointer dereference and daemon crash) via a crafted TGS-REQ request
(CVE-2013-1416).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
b0468b389b1e175acf762a21823aa870 mes5/i586/krb5-1.8.1-0.10mdvmes5.2.i586.rpm
f6f34e48c32e7372262387ee0f8a6d6d mes5/i586/krb5-pkinit-openssl-1.8.1-0.10mdvmes5.2.i586.rpm
49f04f126409a7c7524dd84bd576513a mes5/i586/krb5-server-1.8.1-0.10mdvmes5.2.i586.rpm
763e9df7e32acdf9036e835822ddd337 mes5/i586/krb5-server-ldap-1.8.1-0.10mdvmes5.2.i586.rpm
ab890e3c1524d97c930f3878437893ee mes5/i586/krb5-workstation-1.8.1-0.10mdvmes5.2.i586.rpm
fa03c5d3e3672d61acd9ae43c610e015 mes5/i586/libkrb53-1.8.1-0.10mdvmes5.2.i586.rpm
7b4d78d59d007dbe82d8827999e2ddc5 mes5/i586/libkrb53-devel-1.8.1-0.10mdvmes5.2.i586.rpm
d3630020107ecd02a73e7f329db767bf mes5/SRPMS/krb5-1.8.1-0.10mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
eb2e6ec461ee09d091851697b40e3b2c mes5/x86_64/krb5-1.8.1-0.10mdvmes5.2.x86_64.rpm
6c583fdc171bc22d8dde7a424f025d3a mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.10mdvmes5.2.x86_64.rpm
e83a30d3f387d251b319008c03f2e3b6 mes5/x86_64/krb5-server-1.8.1-0.10mdvmes5.2.x86_64.rpm
2834b0d57d3a6736f70673c2db4d8e59 mes5/x86_64/krb5-server-ldap-1.8.1-0.10mdvmes5.2.x86_64.rpm
f69261c7cad2c08af623c3551da65255 mes5/x86_64/krb5-workstation-1.8.1-0.10mdvmes5.2.x86_64.rpm
8944f84aa13359ee37be6222857b8fae mes5/x86_64/lib64krb53-1.8.1-0.10mdvmes5.2.x86_64.rpm
5348e078ac132dac87fd6a124c60e41f mes5/x86_64/lib64krb53-devel-1.8.1-0.10mdvmes5.2.x86_64.rpm
d3630020107ecd02a73e7f329db767bf mes5/SRPMS/krb5-1.8.1-0.10mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRf4XYmqjQ0CJFipgRAh9qAJ0WakvqUdyy6cT7Ko5HL+j4qEoaMgCeNEr+
QLOf3UulKKzZNT6HQ+M0ttA=
=9L+Q
-----END PGP SIGNATURE-----