From: Russ Allbery
To: Andrew Reid
CC: Ken Raeburn, krb5-bugs@mit.edu, 428732@bugs.debian.org
Subject: Re: Bug#428732: [krbdev.mit.edu #5593] kadmin crashes during password changes
Date: Mon, 09 Jul 2007 12:01:16 -0700

Andrew Reid writes:

> Will there be an "etch" security patch for this for amd64? The daemon
> runs as root, so there's a potential exploit opportunity, and even if
> there weren't, it's a possible DOS attack.

It's a DoS attack really more than an exploit (sign extension bugs on internal calls that don't use user-supplied data, which I believe is a correct characterization of this problem, are unlikely to be exploitable), and I don't think the Debian security folks will consider it worth an advisory. I will, however, check with the stable release managers about uploading a fixed package for the next stable point release.

Ken, I assume from the previous bug discussion that this was already fixed in 1.6? It looks like that file now includes k5-int.h and k5-int.h now includes time.h.

-- 
Russ Allbery (rra@debian.org)