diff --git a/.gitignore b/.gitignore index 05b535a..db34833 100644 --- a/.gitignore +++ b/.gitignore @@ -113,3 +113,6 @@ krb5-1.8.3-pdf.tar.gz /krb5-1.13-alpha1.tar.gz /krb5-1.13-alpha1.tar.gz.asc /krb5-1.13-alpha1-pdf.tar.xz +/krb5-1.13.tar.gz +/krb5-1.13.tar.gz.asc +/krb5-1.13-pdf.tar.xz diff --git a/krb5-bug_1145425_CVE-2014-5351.patch b/krb5-bug_1145425_CVE-2014-5351.patch deleted file mode 100644 index 46b21da..0000000 --- a/krb5-bug_1145425_CVE-2014-5351.patch +++ /dev/null @@ -1,90 +0,0 @@ -# from wget 'https://github.com/krb5/krb5/commit/3bf9e33f9d66c0eef486cbd83f9e4f13a74d12c3.patch' -From 3bf9e33f9d66c0eef486cbd83f9e4f13a74d12c3 Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Thu, 21 Aug 2014 13:52:07 -0400 -Subject: [PATCH] Return only new keys in randkey [CVE-2014-5351] - -In kadmind's randkey operation, if a client specifies the keepold -flag, do not include the preserved old keys in the response. - -CVE-2014-5351: - -An authenticated remote attacker can retrieve the current keys for a -service principal when generating a new set of keys for that -principal. The attacker needs to be authenticated as a user who has -the elevated privilege for randomizing the keys of other principals. - -Normally, when a Kerberos administrator randomizes the keys of a -service principal, kadmind returns only the new keys. This prevents -an administrator who lacks legitimate privileged access to a service -from forging tickets to authenticate to that service. If the -"keepold" flag to the kadmin randkey RPC operation is true, kadmind -retains the old keys in the KDC database as intended, but also -unexpectedly returns the old keys to the client, which exposes the -service to ticket forgery attacks from the administrator. - -A mitigating factor is that legitimate clients of the affected service -will start failing to authenticate to the service once they begin to -receive service tickets encrypted in the new keys. The affected -service will be unable to decrypt the newly issued tickets, possibly -alerting the legitimate administrator of the affected service. - -CVSSv2: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C - -[tlyu@mit.edu: CVE description and CVSS score] - -(cherry picked from commit af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca) - -ticket: 8018 -version_fixed: 1.13 -status: resolved ---- - src/lib/kadm5/srv/svr_principal.c | 21 ++++++++++++++++++--- - 1 file changed, 18 insertions(+), 3 deletions(-) - -diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c -index 5d358bd..d4e74cc 100644 ---- krb5-1.11.3/src/lib/kadm5/srv/svr_principal.c -+++ krb5-1.11.3/src/lib/kadm5/srv/svr_principal.c -@@ -344,6 +344,20 @@ check_1_6_dummy(kadm5_principal_ent_t entry, long mask, - *passptr = NULL; - } - -+/* Return the number of keys with the newest kvno. Assumes that all key data -+ * with the newest kvno are at the front of the key data array. */ -+static int -+count_new_keys(int n_key_data, krb5_key_data *key_data) -+{ -+ int n; -+ -+ for (n = 1; n < n_key_data; n++) { -+ if (key_data[n - 1].key_data_kvno != key_data[n].key_data_kvno) -+ return n; -+ } -+ return n_key_data; -+} -+ - kadm5_ret_t - kadm5_create_principal(void *server_handle, - kadm5_principal_ent_t entry, long mask, -@@ -1593,7 +1607,7 @@ kadm5_randkey_principal_3(void *server_handle, - osa_princ_ent_rec adb; - krb5_int32 now; - kadm5_policy_ent_rec pol; -- int ret, last_pwd; -+ int ret, last_pwd, n_new_keys; - krb5_boolean have_pol = FALSE; - kadm5_server_handle_t handle = server_handle; - krb5_keyblock *act_mkey; -@@ -1686,8 +1700,9 @@ kadm5_randkey_principal_3(void *server_handle, - kdb->fail_auth_count = 0; - - if (keyblocks) { -- ret = decrypt_key_data(handle->context, -- kdb->n_key_data, kdb->key_data, -+ /* Return only the new keys added by krb5_dbe_crk. */ -+ n_new_keys = count_new_keys(kdb->n_key_data, kdb->key_data); -+ ret = decrypt_key_data(handle->context, n_new_keys, kdb->key_data, - keyblocks, n_keys); - if (ret) - goto done; diff --git a/sources b/sources index 67a793e..be0ce37 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ -c0b597b78cd13be105aff29c600883b9 krb5-1.13-alpha1.tar.gz -49a891e6007a42a7e6f82e5943899a2c krb5-1.13-alpha1.tar.gz.asc -d3c480887984f14ecd8d93fd30a11896 krb5-1.13-alpha1-pdf.tar.xz +addb5fd7150f76059ed2a11a3970c957 krb5-1.13.tar.gz +39b6cad419762cbb96211cf282227e49 krb5-1.13.tar.gz.asc +d3c480887984f14ecd8d93fd30a11896 krb5-1.13-pdf.tar.xz 142c7f3f8d2b08936d2cee3de743133e nss_wrapper-0.0-20140204195100.git3d58327.tar.xz d8e42cf537192765463c3f1bad870250 socket_wrapper-0.0-20140204194748.gitf3b2ece.tar.xz