RT/krbdev.mit.edu: Ticket #7093 Access controls for string RPCs [CVE-2012-1012]

RT/krbdev.mit.edu: Ticket #7093 Access controls for string RPCs [CVE-2012-1012]

Signed in as guest.
[Logout]

[Home]

[Search]

[Configuration]

[Display]

[History]

[Basics]

[Dates]

[People]

[Links]

[Jumbo]

The Basics

Id
7093

Status
resolved

Worked
0 min

Priority
0/0

Queue
krb5

Keyword Selections

Component
Tags
Version_reported
Version_Fixed	1.10.1
Target_Version	1.10.1

Relationships

Depends on:

Depended on by:

Parents:

Children:

Refers to:

Referred to by:

7097: (ghudson) improve kadm5 acl testing coverage [resolved]

Dates

Created:	Tue Feb 21 14:14:47 2012
Starts:	Not set
Started:	Tue Feb 21 14:14:47 2012
Last Contact:	Tue Feb 21 23:11:57 2012
Due:	Not set
Updated:	Wed Dec 16 18:02:58 2015 by tlyu

People

Owner
ghudson
Requestors
ghudson@mit.edu
Cc

AdminCc

More about Greg Hudson

Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:

438: login.c uses wrong criteria to set KRB_ENVIRON (new)
6641: Typed-in master passwords should use enctypes in K/M entry (new)
6782: Master KDC lookup can use SRV lookups despite profile KDC configuration (new)
6803: Config variable for default ccache directory (open)
6831: kadmin should use krb5int_locate_server, honor SRV records (open)
7004: get_creds should restore authdata for non-referral fallback (new)
7024: PAC resigning should support buffer resizing (open)
7044: gss_init_sec_context misbehaves on mismatched credentials (new)
7062: PKINIT pa_pk_as_req_draft9 encoding issues (open)
7071: PKINIT trusted_ca encoding issues (open)
7083: SPNEGO doesn't implement gss_inquire_cred_by_mech (open)
7090: krb5_gss_get_name_attribute minor cleanup issue (open)
7108: Move build system to top level (new)
7171: Multiple GSSAPI krb5 mechanism variants cause repeated operations (new)
7191: KDC should use encrypted-timestamp key for reply key (new)
7549: KDC name type return issues (new)
7672: KDC can emit PREAUTH_REQUIRED error with useless hint list (open)
7694: gsskrb5_extract_authz_data_from_sec_context misses AD-IF-RELEVANT containers (open)
7707: Credential cache API does not support atomic reinitialization (open)
7720: Set expiration times on keyring credentials (open)
7721: master_kdc is resolved sooner than necessary (open)
7743: kadmin cannot add principal and extract random key in one step (open)
7754: LDAP KDB module uses anonymous bind when following referrals (open)
7765: Some ccache functions not exported (open)
7766: Keyring last_change_time implementation isn't useful (open)

History

Display mode: [Brief headers] [Full headers]

Tue Feb 21 14:14:47 2012	ghudson - Ticket created
From: ghudson@mit.edu Subject: SVN Commit In the kadmin protocol, make the access controls for get_strings/set_string mirror those of get_principal/modify_principal. Previously, anyone with global list privileges could get or modify string attributes on any principal. The impact of this depends on how generous the kadmind acl is with list permission and whether string attributes are used in a deployment (nothing in the core code uses them yet). CVSSv2 vector: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:H/RL:O/RC:C http://src.mit.edu/fisheye/changelog/krb5/?cs=25704 Commit By: ghudson Revision: 25704 Changed Files: U trunk/src/kadmin/server/server_stubs.c		Download (untitled) 612b
Tue Feb 21 14:14:47 2012	ghudson - Requestor ghudson@mit.edu added
Tue Feb 21 14:14:47 2012	ghudson - Status changed from new to review
Tue Feb 21 14:14:47 2012	ghudson - Tags pullup added
Tue Feb 21 14:14:48 2012	ghudson - Target_Version 1.10.1 added
Tue Feb 21 23:11:57 2012	tlyu - Status changed from review to resolved
Tue Feb 21 23:11:57 2012	tlyu - Version_Fixed 1.10.1 added
Tue Feb 21 23:11:57 2012	tlyu - Correspondence added
From: tlyu@mit.edu Subject: SVN Commit Pull up r25704 from trunk ------------------------------------------------------------------------ r25704 \| ghudson \| 2012-02-21 14:14:47 -0500 (Tue, 21 Feb 2012) \| 15 lines ticket: 7093 subject: Access controls for string RPCs [CVE-2012-1012] target_version: 1.10.1 tags: pullup In the kadmin protocol, make the access controls for get_strings/set_string mirror those of get_principal/modify_principal. Previously, anyone with global list privileges could get or modify string attributes on any principal. The impact of this depends on how generous the kadmind acl is with list permission and whether string attributes are used in a deployment (nothing in the core code uses them yet). CVSSv2 vector: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:H/RL:O/RC:C http://src.mit.edu/fisheye/changelog/krb5/?cs=25709 Commit By: tlyu Revision: 25709 Changed Files: U branches/krb5-1-10/src/kadmin/server/server_stubs.c		Download (untitled) 919b
Wed Dec 16 18:02:58 2015	tlyu - Keyword pullup deleted