RT/krbdev.mit.edu: Ticket #5706 fix CVE-2007-3999, CVE-2007-4743 svc_auth

RT/krbdev.mit.edu: Ticket #5706 fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow

Signed in as guest.
[Logout]

[Home]

[Search]

[Configuration]

[Display]

[History]

[Basics]

[Dates]

[People]

[Links]

[Jumbo]

The Basics

Id
5706

Status
resolved

Worked
0 min

Priority
0/0

Queue
krb5

Keyword Selections

Component	krb5-libs
Version_reported
Version_Fixed	1.6.3
Target_Version	1.6.3
Tags	pullup

Relationships

Depends on:

Depended on by:

Parents:

Children:

Refers to:

Referred to by:

5928: (tlyu) (1.5.x) fix MITKRB5-SA-2007-006 svc_auth_gss.c buffer overflow [CVE-2007-3999, CVE-2007-4743] [resolved]

Dates

Created:	Tue Sep 4 14:53:00 2007
Starts:	Not set
Started:	Tue Sep 4 14:53:03 2007
Last Contact:	Not set
Due:	Not set
Updated:	Tue Sep 18 19:36:05 2007 by tlyu

People

Owner
tlyu
Requestors
tlyu@mit.edu
Cc

AdminCc

More about Tom Yu

Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:

6204: meta-ticket for tracking Apple patches (open)
1149: KDC client lockout for DISALLOW_ALL_TIX or expiration (new)
1247: rpc unit tests need real synchronization (open)
1348: sketchy uses of longjmp in util/ss/listen.c (new)
1479: kdc.conf should allow KDC directory re-homing (new)
1685: consider calling remove_error_table() in krb5_free_context() (new)
2644: fakeka.c should use life_to_time/time_to_life (new)
2934: document shared lib build requirements (new)
2937: GSSAPI authorization data export (open)
2938: support 64-bit Windows (open)
3775: krb5_gss_accept_sec_context should handle inconsistent mutual auth requests (open)
4740: cccursor backend for MSLSA (new)
5531: SPNEGO acc_ctx_call_acc should only call gssint_get_mech_type for 1st token (new)
5627: handle off-path TGT referrals in krb5_get_cred_from_kdc() [rdar 3679887] (open)
6034: rework gic_opt_ext to be more portable (open)
6205: IP_RECVDSTADDR support for kpasswd server (open)
6212: Apple patch for Common Crypto (new)
6213: Apple patch to use pidfile (FreeBSD) for daemons (new)
6228: Apple patch: KDC notify password server (new)
6229: Apple-specific manpage pathname fixes (new)
6230: Apple Seatbelt support for kadmind and KDC (new)
6232: Apple manpage fix to delete reference to Kerberos.app (new)
6233: Apple patch to instal newsyslog config (new)
6234: Apple config file support for password server (new)
6235: install target for KerberosLite (new)

History

Display mode: [Brief headers] [Full headers]

Tue Sep 4 14:53:01 2007	tlyu - Ticket created
From: tlyu@mit.edu Subject: SVN Commit Make sure svcauth_gss_validate adequately checks oa->oa_length prior to copying into rpcbuf. Commit By: tlyu Revision: 19913 Changed Files: _U trunk/ U trunk/src/lib/rpc/svc_auth_gss.c		Download (untitled) 192b
Tue Sep 4 14:53:03 2007	tlyu - Requestor tlyu@mit.edu added
Tue Sep 4 14:53:04 2007	tlyu - Status changed from new to resolved
Tue Sep 4 14:53:04 2007	tlyu - Tags pullup added
Tue Sep 4 14:53:04 2007	tlyu - Component krb5-libs added
Tue Sep 4 14:53:05 2007	tlyu - Target_Version 1.6.3 added
Wed Sep 5 15:53:38 2007	tlyu - Correspondence added
From: tlyu@mit.edu Subject: SVN Commit Revise patch to avoid 32-byte overflow which remained after the initial patch. Memory written to by the IXDR macro calls had not been accounted for. Thanks to Kevin Coffman, Will Fiveash, and Nico Williams for discovering this bug and assisting with patch development. Commit By: tlyu Revision: 19923 Changed Files: _U trunk/ U trunk/src/lib/rpc/svc_auth_gss.c		Download (untitled) 371b
Wed Sep 5 17:26:32 2007	tlyu - Correspondence added
From: tlyu@mit.edu Subject: SVN Commit pull up r19913 from trunk r19913@cathode-dark-space: tlyu \| 2007-09-04 14:52:56 -0400 ticket: new subject: fix CVE-2007-3999 svc_auth_gss.c buffer overflow target_version: 1.6.3 tags: pullup component: krb5-libs Make sure svcauth_gss_validate adequately checks oa->oa_length prior to copying into rpcbuf. Commit By: tlyu Revision: 19924 Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/rpc/svc_auth_gss.c		Download (untitled) 443b
Wed Sep 5 17:27:07 2007	tlyu - Version_Fixed 1.6.3 added
Wed Sep 5 17:27:07 2007	tlyu - Correspondence added
From: tlyu@mit.edu Subject: SVN Commit pull up r19923 from trunk r19923@cathode-dark-space: tlyu \| 2007-09-05 15:53:33 -0400 ticket: 5706 Revise patch to avoid 32-byte overflow which remained after the initial patch. Memory written to by the IXDR macro calls had not been accounted for. Thanks to Kevin Coffman, Will Fiveash, and Nico Williams for discovering this bug and assisting with patch development. Commit By: tlyu Revision: 19925 Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/rpc/svc_auth_gss.c		Download (untitled) 509b
Tue Sep 18 19:36:03 2007	tlyu - Subject changed from fix CVE-2007-3999 svc_auth_gss.c buffer overflow to fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
Tue Sep 18 19:36:04 2007	tlyu - Comments added
Note: the flawed patch for CVE-2007-3999 has been assigned CVE-2007-4743.		Download (untitled) 73b