* Mon May 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-4

- fix for CVE-2015-2694 (#1216133) "requires_preauth bypass
  in PKINIT-enabled KDC".
  In MIT krb5 1.12 and later, when the KDC is configured with
  PKINIT support, an unauthenticated remote attacker can
  bypass the requires_preauth flag on a client principal and
  obtain a ciphertext encrypted in the principal's long-term
  key.  This ciphertext could be used to conduct an off-line
  dictionary attack against the user's password.
resolves: #1216134
This commit is contained in:
Roland Mainz 2015-05-06 01:15:00 +02:00
parent 14a63ce373
commit 1171aa60d0
2 changed files with 113 additions and 1 deletions

View File

@ -0,0 +1,100 @@
From e3b5a5e5267818c97750b266df50b6a3d4649604 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 24 Mar 2015 12:02:37 -0400
Subject: [PATCH] Prevent requires_preauth bypass [CVE-2015-2694]
In the OTP kdcpreauth module, don't set the TKT_FLG_PRE_AUTH bit until
the request is successfully verified. In the PKINIT kdcpreauth
module, don't respond with code 0 on empty input or an unconfigured
realm. Together these bugs could cause the KDC preauth framework to
erroneously treat a request as pre-authenticated.
CVE-2015-2694:
In MIT krb5 1.12 and later, when the KDC is configured with PKINIT
support, an unauthenticated remote attacker can bypass the
requires_preauth flag on a client principal and obtain a ciphertext
encrypted in the principal's long-term key. This ciphertext could be
used to conduct an off-line dictionary attack against the user's
password.
CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:POC/RL:OF/RC:C
ticket: 8160 (new)
target_version: 1.13.2
tags: pullup
subject: requires_preauth bypass in PKINIT-enabled KDC [CVE-2015-2694]
---
src/plugins/preauth/otp/main.c | 10 +++++++---
src/plugins/preauth/pkinit/pkinit_srv.c | 4 ++--
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c
index bf9c6a8..7941b4a 100644
--- a/src/plugins/preauth/otp/main.c
+++ b/src/plugins/preauth/otp/main.c
@@ -42,6 +42,7 @@ static krb5_preauthtype otp_pa_type_list[] =
struct request_state {
krb5_kdcpreauth_verify_respond_fn respond;
void *arg;
+ krb5_enc_tkt_part *enc_tkt_reply;
};
static krb5_error_code
@@ -159,6 +160,9 @@ on_response(void *data, krb5_error_code retval, otp_response response)
if (retval == 0 && response != otp_response_success)
retval = KRB5_PREAUTH_FAILED;
+ if (retval == 0)
+ rs.enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
+
rs.respond(rs.arg, retval, NULL, NULL, NULL);
}
@@ -263,8 +267,6 @@ otp_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
krb5_data d, plaintext;
char *config;
- enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
-
/* Get the FAST armor key. */
armor_key = cb->fast_armor(context, rock);
if (armor_key == NULL) {
@@ -298,12 +300,14 @@ otp_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
goto error;
}
- /* Create the request state. */
+ /* Create the request state. Save the response callback, and the
+ * enc_tkt_reply pointer so we can set the TKT_FLG_PRE_AUTH flag later. */
rs = k5alloc(sizeof(struct request_state), &retval);
if (rs == NULL)
goto error;
rs->arg = arg;
rs->respond = respond;
+ rs->enc_tkt_reply = enc_tkt_reply;
/* Get the principal's OTP configuration string. */
retval = cb->get_string(context, rock, "otp", &config);
diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
index b472741..5b1d73e 100644
--- a/src/plugins/preauth/pkinit/pkinit_srv.c
+++ b/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -301,7 +301,7 @@ pkinit_server_verify_padata(krb5_context context,
pkiDebug("pkinit_verify_padata: entered!\n");
if (data == NULL || data->length <= 0 || data->contents == NULL) {
- (*respond)(arg, 0, NULL, NULL, NULL);
+ (*respond)(arg, EINVAL, NULL, NULL, NULL);
return;
}
@@ -313,7 +313,7 @@ pkinit_server_verify_padata(krb5_context context,
plgctx = pkinit_find_realm_context(context, moddata, request->server);
if (plgctx == NULL) {
- (*respond)(arg, 0, NULL, NULL, NULL);
+ (*respond)(arg, EINVAL, NULL, NULL, NULL);
return;
}

View File

@ -43,7 +43,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.13.1
Release: 3%{?dist}
Release: 4%{?dist}
# - Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.1-signed.tar
# - The sources below are stored in a lookaside cache. Upload with
@ -96,6 +96,7 @@ Patch134: krb5-1.11-kpasswdtest.patch
Patch136: krb5-socket_wrapper_eventfd_prototype_mismatch.patch
Patch140: krb5-1.14-Support-KDC_ERR_MORE_PREAUTH_DATA_REQUIRED.patch
Patch141: krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling.patch
Patch142: krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@ -319,6 +320,7 @@ ln NOTICE LICENSE
%patch140 -p1 -b .krb5-1.14-support-kdc_err_more_preauth_data_required
%patch141 -p1 -b .krb5-1.12.1-cve_2014_5355_fix_krb5_read_message_handling
%patch142 -p1 -b .krb5-1.13.2-cve_2015_2694_requires_preauth_bypass_in_pkinit_enabled_kdc
# Take the execute bit off of documentation.
chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html
@ -1002,6 +1004,16 @@ exit 0
%changelog
* Mon May 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-4
- fix for CVE-2015-2694 (#1216133) "requires_preauth bypass
in PKINIT-enabled KDC".
In MIT krb5 1.12 and later, when the KDC is configured with
PKINIT support, an unauthenticated remote attacker can
bypass the requires_preauth flag on a client principal and
obtain a ciphertext encrypted in the principal's long-term
key. This ciphertext could be used to conduct an off-line
dictionary attack against the user's password.
* Wed Mar 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-3
- Add temporay workaround for RH bug #1204646 ("krb5-config
returns wrong -specs path") which modifies krb5-config post