- apply patch to address MITKRB-SA-2006-001 (CVE-2006-3084)
This commit is contained in:
parent
8c4df25456
commit
2bc5a13d2a
269
2006-001-patch_1.5.txt
Normal file
269
2006-001-patch_1.5.txt
Normal file
@ -0,0 +1,269 @@
|
|||||||
|
Index: appl/gssftp/ftpd/ftpd.c
|
||||||
|
===================================================================
|
||||||
|
*** appl/gssftp/ftpd/ftpd.c (revision 18419)
|
||||||
|
--- appl/gssftp/ftpd/ftpd.c (working copy)
|
||||||
|
***************
|
||||||
|
*** 1367,1373 ****
|
||||||
|
goto bad;
|
||||||
|
sleep(tries);
|
||||||
|
}
|
||||||
|
! (void) krb5_seteuid((uid_t)pw->pw_uid);
|
||||||
|
#ifdef IP_TOS
|
||||||
|
#ifdef IPTOS_THROUGHPUT
|
||||||
|
on = IPTOS_THROUGHPUT;
|
||||||
|
--- 1367,1375 ----
|
||||||
|
goto bad;
|
||||||
|
sleep(tries);
|
||||||
|
}
|
||||||
|
! if (krb5_seteuid((uid_t)pw->pw_uid)) {
|
||||||
|
! fatal("seteuid user");
|
||||||
|
! }
|
||||||
|
#ifdef IP_TOS
|
||||||
|
#ifdef IPTOS_THROUGHPUT
|
||||||
|
on = IPTOS_THROUGHPUT;
|
||||||
|
***************
|
||||||
|
*** 1377,1383 ****
|
||||||
|
#endif
|
||||||
|
return (fdopen(s, fmode));
|
||||||
|
bad:
|
||||||
|
! (void) krb5_seteuid((uid_t)pw->pw_uid);
|
||||||
|
(void) close(s);
|
||||||
|
return (NULL);
|
||||||
|
}
|
||||||
|
--- 1379,1387 ----
|
||||||
|
#endif
|
||||||
|
return (fdopen(s, fmode));
|
||||||
|
bad:
|
||||||
|
! if (krb5_seteuid((uid_t)pw->pw_uid)) {
|
||||||
|
! fatal("seteuid user");
|
||||||
|
! }
|
||||||
|
(void) close(s);
|
||||||
|
return (NULL);
|
||||||
|
}
|
||||||
|
***************
|
||||||
|
*** 2186,2192 ****
|
||||||
|
(void) krb5_seteuid((uid_t)pw->pw_uid);
|
||||||
|
goto pasv_error;
|
||||||
|
}
|
||||||
|
! (void) krb5_seteuid((uid_t)pw->pw_uid);
|
||||||
|
len = sizeof(pasv_addr);
|
||||||
|
if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
|
||||||
|
goto pasv_error;
|
||||||
|
--- 2190,2198 ----
|
||||||
|
(void) krb5_seteuid((uid_t)pw->pw_uid);
|
||||||
|
goto pasv_error;
|
||||||
|
}
|
||||||
|
! if (krb5_seteuid((uid_t)pw->pw_uid)) {
|
||||||
|
! fatal("seteuid user");
|
||||||
|
! }
|
||||||
|
len = sizeof(pasv_addr);
|
||||||
|
if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
|
||||||
|
goto pasv_error;
|
||||||
|
Index: appl/bsd/v4rcp.c
|
||||||
|
===================================================================
|
||||||
|
*** appl/bsd/v4rcp.c (revision 18419)
|
||||||
|
--- appl/bsd/v4rcp.c (working copy)
|
||||||
|
***************
|
||||||
|
*** 436,442 ****
|
||||||
|
kstream_set_buffer_mode (krem, 0);
|
||||||
|
#endif /* KERBEROS && !NOENCRYPTION */
|
||||||
|
(void) response();
|
||||||
|
! (void) setuid(userid);
|
||||||
|
source(--argc, ++argv);
|
||||||
|
exit(errs);
|
||||||
|
|
||||||
|
--- 436,445 ----
|
||||||
|
kstream_set_buffer_mode (krem, 0);
|
||||||
|
#endif /* KERBEROS && !NOENCRYPTION */
|
||||||
|
(void) response();
|
||||||
|
! if (setuid(userid)) {
|
||||||
|
! error("rcp: can't setuid(user)\n");
|
||||||
|
! exit(1);
|
||||||
|
! }
|
||||||
|
source(--argc, ++argv);
|
||||||
|
exit(errs);
|
||||||
|
|
||||||
|
***************
|
||||||
|
*** 452,458 ****
|
||||||
|
krem = kstream_create_from_fd (rem, 0, 0);
|
||||||
|
kstream_set_buffer_mode (krem, 0);
|
||||||
|
#endif /* KERBEROS && !NOENCRYPTION */
|
||||||
|
! (void) setuid(userid);
|
||||||
|
sink(--argc, ++argv);
|
||||||
|
exit(errs);
|
||||||
|
|
||||||
|
--- 455,464 ----
|
||||||
|
krem = kstream_create_from_fd (rem, 0, 0);
|
||||||
|
kstream_set_buffer_mode (krem, 0);
|
||||||
|
#endif /* KERBEROS && !NOENCRYPTION */
|
||||||
|
! if (setuid(userid)) {
|
||||||
|
! error("rcp: can't setuid(user)\n");
|
||||||
|
! exit(1);
|
||||||
|
! }
|
||||||
|
sink(--argc, ++argv);
|
||||||
|
exit(errs);
|
||||||
|
|
||||||
|
Index: appl/bsd/krcp.c
|
||||||
|
===================================================================
|
||||||
|
*** appl/bsd/krcp.c (revision 18419)
|
||||||
|
--- appl/bsd/krcp.c (working copy)
|
||||||
|
***************
|
||||||
|
*** 620,626 ****
|
||||||
|
|
||||||
|
euid = geteuid();
|
||||||
|
if (euid == 0) {
|
||||||
|
! (void) setuid(0);
|
||||||
|
if(krb5_seteuid(userid)) {
|
||||||
|
perror("rcp seteuid user"); errs++; exit(errs);
|
||||||
|
}
|
||||||
|
--- 620,628 ----
|
||||||
|
|
||||||
|
euid = geteuid();
|
||||||
|
if (euid == 0) {
|
||||||
|
! if (setuid(0)) {
|
||||||
|
! perror("rcp setuid 0"); errs++; exit(errs);
|
||||||
|
! }
|
||||||
|
if(krb5_seteuid(userid)) {
|
||||||
|
perror("rcp seteuid user"); errs++; exit(errs);
|
||||||
|
}
|
||||||
|
***************
|
||||||
|
*** 638,648 ****
|
||||||
|
continue;
|
||||||
|
rcmd_stream_init_normal();
|
||||||
|
#ifdef HAVE_SETREUID
|
||||||
|
! (void) setreuid(0, userid);
|
||||||
|
sink(1, argv+argc-1);
|
||||||
|
! (void) setreuid(userid, 0);
|
||||||
|
#else
|
||||||
|
! (void) setuid(0);
|
||||||
|
if(seteuid(userid)) {
|
||||||
|
perror("rcp seteuid user"); errs++; exit(errs);
|
||||||
|
}
|
||||||
|
--- 640,656 ----
|
||||||
|
continue;
|
||||||
|
rcmd_stream_init_normal();
|
||||||
|
#ifdef HAVE_SETREUID
|
||||||
|
! if (setreuid(0, userid)) {
|
||||||
|
! perror("rcp setreuid 0,user"); errs++; exit(errs);
|
||||||
|
! }
|
||||||
|
sink(1, argv+argc-1);
|
||||||
|
! if (setreuid(userid, 0)) {
|
||||||
|
! perror("rcp setreuid user,0"); errs++; exit(errs);
|
||||||
|
! }
|
||||||
|
#else
|
||||||
|
! if (setuid(0)) {
|
||||||
|
! perror("rcp setuid 0"); errs++; exit(errs);
|
||||||
|
! }
|
||||||
|
if(seteuid(userid)) {
|
||||||
|
perror("rcp seteuid user"); errs++; exit(errs);
|
||||||
|
}
|
||||||
|
Index: appl/bsd/login.c
|
||||||
|
===================================================================
|
||||||
|
*** appl/bsd/login.c (revision 18419)
|
||||||
|
--- appl/bsd/login.c (working copy)
|
||||||
|
***************
|
||||||
|
*** 1648,1654 ****
|
||||||
|
}
|
||||||
|
#endif /* HAVE_SETLUID */
|
||||||
|
#ifdef _IBMR2
|
||||||
|
! setuidx(ID_LOGIN, pwd->pw_uid);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* This call MUST succeed */
|
||||||
|
--- 1648,1657 ----
|
||||||
|
}
|
||||||
|
#endif /* HAVE_SETLUID */
|
||||||
|
#ifdef _IBMR2
|
||||||
|
! if (setuidx(ID_LOGIN, pwd->pw_uid) < 0) {
|
||||||
|
! perror("setuidx");
|
||||||
|
! sleepexit(1);
|
||||||
|
! };
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* This call MUST succeed */
|
||||||
|
Index: appl/bsd/krshd.c
|
||||||
|
===================================================================
|
||||||
|
*** appl/bsd/krshd.c (revision 18419)
|
||||||
|
--- appl/bsd/krshd.c (working copy)
|
||||||
|
***************
|
||||||
|
*** 1403,1411 ****
|
||||||
|
* If we're on a system which keeps track of login uids, then
|
||||||
|
* set the login uid.
|
||||||
|
*/
|
||||||
|
! setluid((uid_t) pwd->pw_uid);
|
||||||
|
#endif /* HAVE_SETLUID */
|
||||||
|
! (void) setuid((uid_t)pwd->pw_uid);
|
||||||
|
/* if TZ is set in the parent, drag it in */
|
||||||
|
{
|
||||||
|
char **findtz = environ;
|
||||||
|
--- 1403,1417 ----
|
||||||
|
* If we're on a system which keeps track of login uids, then
|
||||||
|
* set the login uid.
|
||||||
|
*/
|
||||||
|
! if (setluid((uid_t) pwd->pw_uid) < 0) {
|
||||||
|
! perror("setluid");
|
||||||
|
! _exit(1);
|
||||||
|
! }
|
||||||
|
#endif /* HAVE_SETLUID */
|
||||||
|
! if (setuid((uid_t)pwd->pw_uid) < 0) {
|
||||||
|
! perror("setuid");
|
||||||
|
! _exit(1);
|
||||||
|
! }
|
||||||
|
/* if TZ is set in the parent, drag it in */
|
||||||
|
{
|
||||||
|
char **findtz = environ;
|
||||||
|
Index: clients/ksu/main.c
|
||||||
|
===================================================================
|
||||||
|
*** clients/ksu/main.c (revision 18419)
|
||||||
|
--- clients/ksu/main.c (working copy)
|
||||||
|
***************
|
||||||
|
*** 892,900 ****
|
||||||
|
const char * cc_name;
|
||||||
|
struct stat st_temp;
|
||||||
|
|
||||||
|
! krb5_seteuid(0);
|
||||||
|
! krb5_seteuid(target_uid);
|
||||||
|
!
|
||||||
|
cc_name = krb5_cc_get_name(context, cc);
|
||||||
|
if ( ! stat(cc_name, &st_temp)){
|
||||||
|
if ((retval = krb5_cc_destroy(context, cc))){
|
||||||
|
--- 892,903 ----
|
||||||
|
const char * cc_name;
|
||||||
|
struct stat st_temp;
|
||||||
|
|
||||||
|
! if (krb5_seteuid(0) < 0 || krb5_seteuid(target_uid) < 0) {
|
||||||
|
! com_err(prog_name, errno,
|
||||||
|
! "while returning to source uid for destroying ccache");
|
||||||
|
! exit(1);
|
||||||
|
! }
|
||||||
|
!
|
||||||
|
cc_name = krb5_cc_get_name(context, cc);
|
||||||
|
if ( ! stat(cc_name, &st_temp)){
|
||||||
|
if ((retval = krb5_cc_destroy(context, cc))){
|
||||||
|
Index: lib/krb4/kuserok.c
|
||||||
|
===================================================================
|
||||||
|
*** lib/krb4/kuserok.c (revision 18419)
|
||||||
|
--- lib/krb4/kuserok.c (working copy)
|
||||||
|
***************
|
||||||
|
*** 159,167 ****
|
||||||
|
*/
|
||||||
|
if(getuid() == 0) {
|
||||||
|
uid_t old_euid = geteuid();
|
||||||
|
! seteuid(pwd->pw_uid);
|
||||||
|
fp = fopen(pbuf, "r");
|
||||||
|
! seteuid(old_euid);
|
||||||
|
if ((fp) == NULL) {
|
||||||
|
return(NOTOK);
|
||||||
|
}
|
||||||
|
--- 159,169 ----
|
||||||
|
*/
|
||||||
|
if(getuid() == 0) {
|
||||||
|
uid_t old_euid = geteuid();
|
||||||
|
! if (seteuid(pwd->pw_uid) < 0)
|
||||||
|
! return NOTOK;
|
||||||
|
fp = fopen(pbuf, "r");
|
||||||
|
! if (seteuid(old_euid) < 0)
|
||||||
|
! return NOTOK;
|
||||||
|
if ((fp) == NULL) {
|
||||||
|
return(NOTOK);
|
||||||
|
}
|
@ -10,7 +10,7 @@
|
|||||||
Summary: The Kerberos network authentication system.
|
Summary: The Kerberos network authentication system.
|
||||||
Name: krb5
|
Name: krb5
|
||||||
Version: 1.5
|
Version: 1.5
|
||||||
Release: 4
|
Release: 5
|
||||||
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||||
# http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar
|
# http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar
|
||||||
Source0: krb5-%{version}.tar.gz
|
Source0: krb5-%{version}.tar.gz
|
||||||
@ -66,6 +66,7 @@ Patch40: krb5-1.4.1-telnet-environ.patch
|
|||||||
Patch41: krb5-1.2.7-login-lpass.patch
|
Patch41: krb5-1.2.7-login-lpass.patch
|
||||||
Patch44: krb5-1.4.3-enospc.patch
|
Patch44: krb5-1.4.3-enospc.patch
|
||||||
Patch45: krb5-1.5-gssinit.patch
|
Patch45: krb5-1.5-gssinit.patch
|
||||||
|
Patch46: http://web.mit.edu/kerberos/advisories/2006-001-patch_1.5.txt
|
||||||
|
|
||||||
License: MIT, freely distributable.
|
License: MIT, freely distributable.
|
||||||
URL: http://web.mit.edu/kerberos/www/
|
URL: http://web.mit.edu/kerberos/www/
|
||||||
@ -131,6 +132,9 @@ network uses Kerberos, this package should be installed on every
|
|||||||
workstation.
|
workstation.
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Aug 8 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-5
|
||||||
|
- apply patch to address MITKRB-SA-2006-001 (CVE-2006-3084)
|
||||||
|
|
||||||
* Mon Aug 7 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-4
|
* Mon Aug 7 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-4
|
||||||
- ensure that the gssapi library's been initialized before walking the
|
- ensure that the gssapi library's been initialized before walking the
|
||||||
internal mechanism list in gss_release_oid(), needed if called from
|
internal mechanism list in gss_release_oid(), needed if called from
|
||||||
@ -937,6 +941,9 @@ workstation.
|
|||||||
%patch41 -p1 -b .login-lpass
|
%patch41 -p1 -b .login-lpass
|
||||||
%patch44 -p1 -b .enospc
|
%patch44 -p1 -b .enospc
|
||||||
%patch45 -p1 -b .gssinit
|
%patch45 -p1 -b .gssinit
|
||||||
|
pushd src
|
||||||
|
%patch46 -p0 -b .2006-001
|
||||||
|
popd
|
||||||
cp src/krb524/README README.krb524
|
cp src/krb524/README README.krb524
|
||||||
gzip doc/*.ps
|
gzip doc/*.ps
|
||||||
cd src
|
cd src
|
||||||
|
Loading…
Reference in New Issue
Block a user