Incorporate patch for RT#7755 (CVE-2013-1418)

- incorporate upstream patch for remote crash of KDCs which serve multiple
  realms simultaneously (RT#7755, CVE-2013-1418)
This commit is contained in:
Nalin Dahyabhai 2013-11-04 15:47:55 -05:00
parent a00c810e4e
commit a244d8f93c
2 changed files with 42 additions and 1 deletions

35
krb5-CVE-2013-1418.patch Normal file
View File

@ -0,0 +1,35 @@
Adjusted to apply to 1.11.3.
commit 5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf
Author: Tom Yu <tlyu@mit.edu>
Date: Mon Nov 4 13:44:29 2013 -0500
Multi-realm KDC null deref [CVE-2013-1418]
If a KDC serves multiple realms, certain requests can cause
setup_server_realm() to dereference a null pointer, crashing the KDC.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C
A related but more minor vulnerability requires authentication to
exploit, and is only present if a third-party KDC database module can
dereference a null pointer under certain conditions.
ticket: 7755 (new)
target_version: 1.12
tags: pullup
diff --git a/src/kdc/main.c b/src/kdc/main.c
index 0f5961a..a7ffe63 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -124,6 +124,9 @@ setup_server_realm(struct server_handle *handle, krb5_principal sprinc)
kdc_realm_t **kdc_realmlist = handle->kdc_realmlist;
int kdc_numrealms = handle->kdc_numrealms;
+ if (sprinc == NULL)
+ return NULL;
+
kret = 0;
if (kdc_numrealms > 1) {
if (!(newrealm = find_realm_data(handle, sprinc->realm.data,

View File

@ -41,7 +41,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.11.3
Release: 28%{?dist}
Release: 29%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
Source0: krb5-%{version}.tar.gz
@ -108,6 +108,7 @@ Patch135: krb5-1.11-check_transited.patch
Patch136: krb5-1.11.3-prompter1.patch
Patch137: krb5-1.11.3-prompter2.patch
Patch138: krb5-1.11.3-gss-ccache-import.patch
Patch139: krb5-CVE-2013-1418.patch
# Patches for otp plugin backport
Patch201: krb5-1.11.2-keycheck.patch
@ -353,6 +354,7 @@ ln -s NOTICE LICENSE
%patch136 -p1 -b .prompter1
%patch137 -p1 -b .prompter2
%patch138 -p1 -b .gss-ccache-import
%patch139 -p1 -b .CVE-2013-1418
%patch201 -p1 -b .keycheck
%patch202 -p1 -b .otp
@ -1004,6 +1006,10 @@ exit 0
%{_sbindir}/uuserver
%changelog
* Mon Nov 4 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-29
- incorporate upstream patch for remote crash of KDCs which serve multiple
realms simultaneously (RT#7755, CVE-2013-1418)
* Mon Nov 4 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-28
- drop patch to add additional access() checks to ksu - they add to breakage
when non-FILE: caches are in use (#1026099), shouldn't be resulting in any