Bug 1031499 (CVE-2013-6800)
Summary: | CVE-2013-6800 krb5: KDC remote DoS (NULL pointer dereference and daemon crash) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Ratul Gupta <ratulg> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | dpal, fweimer, jkurik, jplans, jrusnack, nalin, nathaniel, pfrields, pkis, rmainz |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2014-10-14 09:22:10 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1026981, 1031501, 1089845, 1121510 | ||
Bug Blocks: | 1026945, 1063682, 1101912 |
Description
Ratul Gupta
2013-11-18 06:38:29 UTC
Created krb5 tracking bugs for this issue: Affects: fedora-all [bug 1031501] This has a different identifier from CVE-2013-1418, but points to the same patch. Is there anything to update in the packaging here beyond what we already did for 1418? No. I'm not sure why they split this other than the code looks slightly different but the fix is identical, and one is in 1.10.x and other 1.12. I'm actually at a complete loss as to why MITRE did this. As far as I'm concerned, this is CVE-2013-1418 (or bug #1026942). Okay, then. I'll see if I can add this to the changelogs in source control, so that if/when we push other updates it'll show up there. Thanks! Yeah, I think for some reason that this is for 1.10.x and the other is for 1.11 (which makes no sense as the code is so similar). I guess mention it but I'm quite certain these two CVEs should be one. Apparently, split was triggered by this wording in the upstream RT / commit: *A related* but more minor vulnerability requires authentication to exploit, and is only present if a third-party KDC database module can dereference a null pointer under certain conditions. Note: This issue can be triggered only if multiple realms are served from one KDC Statement: (none) IssueDescription: It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2014:1245 https://rhn.redhat.com/errata/RHSA-2014-1245.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2014:1389 https://rhn.redhat.com/errata/RHSA-2014-1389.html |