Bug 1121876 (CVE-2014-4343)
Summary: | CVE-2014-4343 krb5: double-free flaw in SPNEGO initiators | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Murray McAllister <mmcallis> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | carnil, dpal, dsirrine, jplans, jrusnack, nalin, nathaniel, rmainz, sashaikh, sisharma |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos.
|
Last Closed: | 2015-03-06 10:10:32 UTC | Type: | --- |
Bug Depends On: | 1121510, 1121789, 1121879 | ||
Bug Blocks: | 1101912, 1121513, 1121882 |
Description
Murray McAllister
2014-07-22 06:23:03 UTC
Created krb5 tracking bugs for this issue:

Affects: fedora-all [bug 1121879]

spnego_gss_init_sec_context -> init_ctx_cont -> init_ctx_nego -> init_ctx_reselect

It is possible for an unauthenticated attacker to crash the clients, as in the process, according to the RFC, SPNEGO uses a pseudo-mechanism which checks which GSSAPI mechanisms can be used. SPNEGO is not used by default. It requires high complexity to execute such an attack, as it also involves spoofing the web server SSL certificate.

Statement: This issue did not affect the version of krb5 as shipped with Red Hat Enterprise Linux 5.

krb5-1.11.3-24.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.

krb5-1.11.5-10.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

IssueDescription: A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2014:1389 https://rhn.redhat.com/errata/RHSA-2014-1389.html

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2015:0439 https://rhn.redhat.com/errata/RHSA-2015-0439.html