Bug 6929 - krb5 new security issue CVE-2012-1015
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: i586 Linux
Priority: Normal
Severity: major
Target Milestone: ---
Assigned To: QA Team
URL: http://lwn.net/Vulnerabilities/509170/
Whiteboard: MGA1TOO has_procedure MGA1-32-OK MGA2...
Keywords: validated_update
Reported: 2012-08-01 22:58 CEST by David Walser
Modified: 2012-08-03 22:55 CEST (History)
Source RPM: krb5-1.9.2-2.2.mga2.src.rpm

Description David Walser 2012-08-01 22:58:46 CEST
Mandriva has issued an advisory today (August 1):
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:111

Patched package uploaded for Mageia 1, Mageia 2, and Cauldron.

Advisory:
========================

Updated krb5 packages fix security vulnerability:

The MIT krb5 KDC (Key Distribution Center) daemon can free an
uninitialized pointer while processing an unusual AS-REQ, corrupting
the process heap and possibly causing the daemon to abnormally
terminate. An attacker could use this vulnerability to execute
malicious code, but exploiting frees of uninitialized pointers to
execute code is believed to be difficult. It is possible that a
legitimate client that is misconfigured in an unusual way could
trigger this vulnerability (CVE-2012-1015).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1015
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:111
========================

Updated packages in core/updates_testing:
========================
krb5-1.8.3-5.4.mga1
libkrb53-devel-1.8.3-5.4.mga1
libkrb53-1.8.3-5.4.mga1
krb5-server-1.8.3-5.4.mga1
krb5-server-ldap-1.8.3-5.4.mga1
krb5-workstation-1.8.3-5.4.mga1
krb5-pkinit-openssl-1.8.3-5.4.mga1
krb5-1.9.2-2.3.mga2
libkrb53-devel-1.9.2-2.3.mga2
libkrb53-1.9.2-2.3.mga2
krb5-server-1.9.2-2.3.mga2
krb5-server-ldap-1.9.2-2.3.mga2
krb5-workstation-1.9.2-2.3.mga2
krb5-pkinit-openssl-1.9.2-2.3.mga2

from SRPMS:
krb5-1.8.3-5.4.mga1.src.rpm
krb5-1.9.2-2.3.mga2.src.rpm
Comment 1 Samuel Verschelde 2012-08-02 09:56:57 CEST
We've got a testing procedure for testing krb5: https://wiki.mageia.org/en/QA_procedure:Krb5

No known exploit, so following the testing procedure should be enough.
Comment 2 Dave Hodgins 2012-08-02 20:44:34 CEST
Testing complete on Mageia 1 i586.

I'll be testing the others shortly.
Comment 3 Dave Hodgins 2012-08-02 21:06:33 CEST
On Mageia 1 x86-64, everything is fine until I try to krlogin.

There, login fails, but there is no message displayed.
In /var/log/auth.log, there is an error message ...
klogind[32124]: Error reading message

I'm trying to figure out what is causing the problem.
Comment 4 Dave Hodgins 2012-08-02 22:37:50 CEST
https://bugs.launchpad.net/ubuntu/+source/krb5-appl/+bug/564641

Seems to be the same problem and has a patch.
Comment 5 Dave Hodgins 2012-08-02 23:26:47 CEST
Testing complete on Mageia 2 x86-64.

I'll retest Mageia 1 x86-64 to see if comment 3 is a regression.

I've also updated the procedure to show what output krlogin should
be displaying.
Comment 6 Dave Hodgins 2012-08-02 23:41:49 CEST
I've now confirmed the problem with krlogin in Mageia 1 x86-64 is not a
regression.

As klist shows the ticket is being granted, I'll consider testing complete
on Mageia 1 64 bit, and will open a new bug report for the krlogin problem.
Comment 7 Dave Hodgins 2012-08-03 00:10:20 CEST
Testing complete.  Bug 6939 opened for the krlogin problem.

Could someone from the sysadmin team push the srpm
krb5-1.9.2-2.3.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and the srpm
krb5-1.8.3-5.4.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory: Updated krb5 packages fix security vulnerability:

The MIT krb5 KDC (Key Distribution Center) daemon can free an
uninitialized pointer while processing an unusual AS-REQ, corrupting
the process heap and possibly causing the daemon to abnormally
terminate. An attacker could use this vulnerability to execute
malicious code, but exploiting frees of uninitialized pointers to
execute code is believed to be difficult. It is possible that a
legitimate client that is misconfigured in an unusual way could
trigger this vulnerability (CVE-2012-1015).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1015
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:111

https://bugs.mageia.org/show_bug.cgi?id=6929
Comment 8 Thomas Backlund 2012-08-03 22:55:25 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0196
