diff --git a/krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC.patch b/krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC.patch
new file mode 100644
index 0000000..153566b
--- /dev/null
+++ b/krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC.patch
@@ -0,0 +1,100 @@
+From e3b5a5e5267818c97750b266df50b6a3d4649604 Mon Sep 17 00:00:00 2001
+From: Greg Hudson
+Date: Tue, 24 Mar 2015 12:02:37 -0400
+Subject: [PATCH] Prevent requires_preauth bypass [CVE-2015-2694]
+
+In the OTP kdcpreauth module, don't set the TKT_FLG_PRE_AUTH bit until
+the request is successfully verified. In the PKINIT kdcpreauth
+module, don't respond with code 0 on empty input or an unconfigured
+realm. Together these bugs could cause the KDC preauth framework to
+erroneously treat a request as pre-authenticated.
+
+CVE-2015-2694:
+
+In MIT krb5 1.12 and later, when the KDC is configured with PKINIT
+support, an unauthenticated remote attacker can bypass the
+requires_preauth flag on a client principal and obtain a ciphertext
+encrypted in the principal's long-term key. This ciphertext could be
+used to conduct an off-line dictionary attack against the user's
+password.
+
+ CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:POC/RL:OF/RC:C
+
+ticket: 8160 (new)
+target_version: 1.13.2
+tags: pullup
+subject: requires_preauth bypass in PKINIT-enabled KDC [CVE-2015-2694]
+---
+ src/plugins/preauth/otp/main.c | 10 +++++++---
+ src/plugins/preauth/pkinit/pkinit_srv.c | 4 ++--
+ 2 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c
+index bf9c6a8..7941b4a 100644
+--- a/src/plugins/preauth/otp/main.c
++++ b/src/plugins/preauth/otp/main.c
+@@ -42,6 +42,7 @@ static krb5_preauthtype otp_pa_type_list[] =
+ struct request_state {
+ krb5_kdcpreauth_verify_respond_fn respond;
+ void *arg;
++ krb5_enc_tkt_part *enc_tkt_reply;
+ };
+
+ static krb5_error_code
+@@ -159,6 +160,9 @@ on_response(void *data, krb5_error_code retval, otp_response response)
+ if (retval == 0 && response != otp_response_success)
+ retval = KRB5_PREAUTH_FAILED;
+
++ if (retval == 0)
++ rs.enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
++
+ rs.respond(rs.arg, retval, NULL, NULL, NULL);
+ }
+
+@@ -263,8 +267,6 @@ otp_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
+ krb5_data d, plaintext;
+ char *config;
+
+- enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
+-
+ /* Get the FAST armor key. */
+ armor_key = cb->fast_armor(context, rock);
+ if (armor_key == NULL) {
+@@ -298,12 +300,14 @@ otp_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
+ goto error;
+ }
+
+- /* Create the request state. */
++ /* Create the request state. Save the response callback, and the
++ * enc_tkt_reply pointer so we can set the TKT_FLG_PRE_AUTH flag later. */
+ rs = k5alloc(sizeof(struct request_state), &retval);
+ if (rs == NULL)
+ goto error;
+ rs->arg = arg;
+ rs->respond = respond;
++ rs->enc_tkt_reply = enc_tkt_reply;
+
+ /* Get the principal's OTP configuration string. */
+ retval = cb->get_string(context, rock, "otp", &config);
+diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
+index b472741..5b1d73e 100644
+--- a/src/plugins/preauth/pkinit/pkinit_srv.c
++++ b/src/plugins/preauth/pkinit/pkinit_srv.c
+@@ -301,7 +301,7 @@ pkinit_server_verify_padata(krb5_context context,
+
+ pkiDebug("pkinit_verify_padata: entered!\n");
+ if (data == NULL || data->length <= 0 || data->contents == NULL) {
+- (*respond)(arg, 0, NULL, NULL, NULL);
++ (*respond)(arg, EINVAL, NULL, NULL, NULL);
+ return;
+ }
+
+@@ -313,7 +313,7 @@ pkinit_server_verify_padata(krb5_context context,
+
+ plgctx = pkinit_find_realm_context(context, moddata, request->server);
+ if (plgctx == NULL) {
+- (*respond)(arg, 0, NULL, NULL, NULL);
++ (*respond)(arg, EINVAL, NULL, NULL, NULL);
+ return;
+ }
+
diff --git a/krb5.spec b/krb5.spec
index 17da7f8..cde6f6c 100644
--- a/krb5.spec
+++ b/krb5.spec
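Review bot: In pkinit_server_verify_padata the two new `(*respond)(arg, EINVAL, NULL, NULL, NULL);` calls return the same generic errno for two different conditions, a client sending empty PKINIT padata and a KDC that has no PKINIT realm context for request->server, so an operator debugging a misconfigured realm gets no signal from the second path. Any non-zero code is enough to keep the preauth framework from treating the request as verified, which is what the fix needs, but a line such as `pkiDebug("pkinit_verify_padata: no realm context for server\n");` before that second respond call, mirroring the existing pkiDebug on entry, would make the two cases distinguishable in the KDC's debug output. In the OTP half, on_response now sets TKT_FLG_PRE_AUTH through rs.enc_tkt_reply only when retval == 0, which is the right ordering, but it relies on the enc_tkt_reply pointer saved in otp_verify staying valid until the asynchronous callback runs; a comment on the new struct member such as `/* Owned by the KDC for the lifetime of the request; only written after verification succeeds. */` would record that assumption where the next maintainer will see it (the lifetime guarantee itself is not visible in these hunks). on_response, otp_verify and pkinit_server_verify_padata all begin and end outside the visible hunks.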
@@ -43,7 +43,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.13.1 -Release: 3%{?dist} +Release: 4%{?dist} # - Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.1-signed.tar # - The sources below are stored in a lookaside cache. Upload with @@ -96,6 +96,7 @@ Patch134: krb5-1.11-kpasswdtest.patch Patch136: krb5-socket_wrapper_eventfd_prototype_mismatch.patch Patch140: krb5-1.14-Support-KDC_ERR_MORE_PREAUTH_DATA_REQUIRED.patch Patch141: krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling.patch +Patch142: krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -319,6 +320,7 @@ ln NOTICE LICENSE %patch140 -p1 -b .krb5-1.14-support-kdc_err_more_preauth_data_required %patch141 -p1 -b .krb5-1.12.1-cve_2014_5355_fix_krb5_read_message_handling +%patch142 -p1 -b .krb5-1.13.2-cve_2015_2694_requires_preauth_bypass_in_pkinit_enabled_kdc # Take the execute bit off of documentation. chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html @@ -1002,6 +1004,16 @@ exit 0 %changelog +* Mon May 4 2015 Roland Mainz - 1.13.1-4 +- fix for CVE-2015-2694 (#1216133) "requires_preauth bypass + in PKINIT-enabled KDC". + In MIT krb5 1.12 and later, when the KDC is configured with + PKINIT support, an unauthenticated remote attacker can + bypass the requires_preauth flag on a client principal and + obtain a ciphertext encrypted in the principal's long-term + key. This ciphertext could be used to conduct an off-line + dictionary attack against the user's password. + * Wed Mar 25 2015 Roland Mainz - 1.13.1-3 - Add temporay workaround for RH bug #1204646 ("krb5-config returns wrong -specs path") which modifies krb5-config post