Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit
Download (untitled) / with headers
text/plain 1.1KiB

Prevent KDC unset status assertion failures

Assign status values if S4U2Self padata fails to decode, if an
S4U2Proxy request uses invalid KDC options, or if an S4U2Proxy request
uses an evidence ticket which does not match the canonicalized request
server principal name. Reported by Samuel Cabrero.

If a status value is not assigned during KDC processing, default to
"UNKNOWN_REASON" rather than failing an assertion. This change will
prevent future denial of service bugs due to similar mistakes, and
will allow us to omit assigning status values for unlikely errors such
as small memory allocation failures.

CVE-2017-11368:

In MIT krb5 1.7 and later, an authenticated attacker can cause an
assertion failure in krb5kdc by sending an invalid S4U2Self or
S4U2Proxy request.

CVSSv3 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C

https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970
Author: Greg Hudson <ghudson@mit.edu>
Commit: ffb35baac6981f9e8914f8f3bffd37f284b85970
Branch: master
src/kdc/do_as_req.c | 4 ++--
src/kdc/do_tgs_req.c | 3 ++-
src/kdc/kdc_util.c | 10 ++++++++--
3 files changed, 12 insertions(+), 5 deletions(-)
From: ghudson@mit.edu
Subject: git commit
Download (untitled) / with headers
text/plain 1.2KiB

Prevent KDC unset status assertion failures

Assign status values if S4U2Self padata fails to decode, if an
S4U2Proxy request uses invalid KDC options, or if an S4U2Proxy request
uses an evidence ticket which does not match the canonicalized request
server principal name. Reported by Samuel Cabrero.

If a status value is not assigned during KDC processing, default to
"UNKNOWN_REASON" rather than failing an assertion. This change will
prevent future denial of service bugs due to similar mistakes, and
will allow us to omit assigning status values for unlikely errors such
as small memory allocation failures.

CVE-2017-11368:

In MIT krb5 1.7 and later, an authenticated attacker can cause an
assertion failure in krb5kdc by sending an invalid S4U2Self or
S4U2Proxy request.

CVSSv3 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C

(cherry picked from commit ffb35baac6981f9e8914f8f3bffd37f284b85970)

https://github.com/krb5/krb5/commit/b2b06faaf391498da35e014dcfccb0c0792eb116
Author: Greg Hudson <ghudson@mit.edu>
Commit: b2b06faaf391498da35e014dcfccb0c0792eb116
Branch: krb5-1.15
src/kdc/do_as_req.c | 4 ++--
src/kdc/do_tgs_req.c | 3 ++-
src/kdc/kdc_util.c | 10 ++++++++--
3 files changed, 12 insertions(+), 5 deletions(-)
From: ghudson@mit.edu
Subject: git commit
Download (untitled) / with headers
text/plain 1.2KiB

Prevent KDC unset status assertion failures

Assign status values if S4U2Self padata fails to decode, if an
S4U2Proxy request uses invalid KDC options, or if an S4U2Proxy request
uses an evidence ticket which does not match the canonicalized request
server principal name. Reported by Samuel Cabrero.

If a status value is not assigned during KDC processing, default to
"UNKNOWN_REASON" rather than failing an assertion. This change will
prevent future denial of service bugs due to similar mistakes, and
will allow us to omit assigning status values for unlikely errors such
as small memory allocation failures.

CVE-2017-11368:

In MIT krb5 1.7 and later, an authenticated attacker can cause an
assertion failure in krb5kdc by sending an invalid S4U2Self or
S4U2Proxy request.

CVSSv3 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C

(cherry picked from commit ffb35baac6981f9e8914f8f3bffd37f284b85970)

https://github.com/krb5/krb5/commit/f1190a43fb6de5b70a11cd6ec97978e05b6083f1
Author: Greg Hudson <ghudson@mit.edu>
Commit: f1190a43fb6de5b70a11cd6ec97978e05b6083f1
Branch: krb5-1.14
src/kdc/do_as_req.c | 4 ++--
src/kdc/do_tgs_req.c | 3 ++-
src/kdc/kdc_util.c | 10 ++++++++--
3 files changed, 12 insertions(+), 5 deletions(-)