RT RT/krbdev.mit.edu: Ticket #8018 Return only new keys in randkey [CVE-2014-5351] Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
8018
Status
resolved
Worked
0 min
Priority
0/0
Queue
krb5
 

 Keyword Selections  
Component
Tags
Version_reported
Version_Fixed
  • 1.13
Target_Version
  • 1.13
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Mon Sep 22 14:29:57 2014
Starts: Not set
Started: Mon Sep 22 14:29:57 2014
Last Contact: Mon Sep 22 17:29:08 2014
Due: Not set
Updated: Wed Dec 16 18:03:03 2015 by tlyu
 

 People  
Owner
 ghudson
Requestors
 ghudson@mit.edu
Cc
 
AdminCc
 
 

 More about Greg Hudson  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Mon Sep 22 14:29:57 2014  ghudson - Ticket created    
     
From: ghudson@mit.edu
Subject: git commit


Return only new keys in randkey [CVE-2014-5351]

In kadmind's randkey operation, if a client specifies the keepold
flag, do not include the preserved old keys in the response.

CVE-2014-5351:

An authenticated remote attacker can retrieve the current keys for a
service principal when generating a new set of keys for that
principal.  The attacker needs to be authenticated as a user who has
the elevated privilege for randomizing the keys of other principals.

Normally, when a Kerberos administrator randomizes the keys of a
service principal, kadmind returns only the new keys.  This prevents
an administrator who lacks legitimate privileged access to a service
from forging tickets to authenticate to that service.  If the
"keepold" flag to the kadmin randkey RPC operation is true, kadmind
retains the old keys in the KDC database as intended, but also
unexpectedly returns the old keys to the client, which exposes the
service to ticket forgery attacks from the administrator.

A mitigating factor is that legitimate clients of the affected service
will start failing to authenticate to the service once they begin to
receive service tickets encrypted in the new keys.  The affected
service will be unable to decrypt the newly issued tickets, possibly
alerting the legitimate administrator of the affected service.

CVSSv2: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C

[tlyu@mit.edu: CVE description and CVSS score]

https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
Author: Greg Hudson <ghudson@mit.edu>
Commit: af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
Branch: master
 src/lib/kadm5/srv/svr_principal.c |   21 ++++++++++++++++++---
 1 files changed, 18 insertions(+), 3 deletions(-)


Download (untitled) 1.6k
      Mon Sep 22 14:29:57 2014  ghudson - Requestor ghudson@mit.edu added    
      Mon Sep 22 14:29:57 2014  ghudson - Status changed from new to review    
      Mon Sep 22 14:29:57 2014  ghudson - Tags pullup added    
      Mon Sep 22 14:29:57 2014  ghudson - Target_Version 1.13 added    
      Mon Sep 22 17:29:08 2014  tlyu - Status changed from review to resolved    
      Mon Sep 22 17:29:08 2014  tlyu - Version_Fixed 1.13 added    
      Mon Sep 22 17:29:08 2014  tlyu - Correspondence added    
     
From: tlyu@mit.edu
Subject: git commit


Return only new keys in randkey [CVE-2014-5351]

In kadmind's randkey operation, if a client specifies the keepold
flag, do not include the preserved old keys in the response.

CVE-2014-5351:

An authenticated remote attacker can retrieve the current keys for a
service principal when generating a new set of keys for that
principal.  The attacker needs to be authenticated as a user who has
the elevated privilege for randomizing the keys of other principals.

Normally, when a Kerberos administrator randomizes the keys of a
service principal, kadmind returns only the new keys.  This prevents
an administrator who lacks legitimate privileged access to a service
from forging tickets to authenticate to that service.  If the
"keepold" flag to the kadmin randkey RPC operation is true, kadmind
retains the old keys in the KDC database as intended, but also
unexpectedly returns the old keys to the client, which exposes the
service to ticket forgery attacks from the administrator.

A mitigating factor is that legitimate clients of the affected service
will start failing to authenticate to the service once they begin to
receive service tickets encrypted in the new keys.  The affected
service will be unable to decrypt the newly issued tickets, possibly
alerting the legitimate administrator of the affected service.

CVSSv2: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C

[tlyu@mit.edu: CVE description and CVSS score]

(cherry picked from commit af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca)

https://github.com/krb5/krb5/commit/3bf9e33f9d66c0eef486cbd83f9e4f13a74d12c3
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 3bf9e33f9d66c0eef486cbd83f9e4f13a74d12c3
Branch: krb5-1.13
 src/lib/kadm5/srv/svr_principal.c |   21 ++++++++++++++++++---
 1 files changed, 18 insertions(+), 3 deletions(-)


Download (untitled) 1.7k
      Wed Dec 16 18:03:03 2015  tlyu - Keyword pullup deleted