Bug 1116180 (CVE-2014-4341)
| Summary: | CVE-2014-4341 krb5: denial of service flaws when handling padding length longer than the plaintext | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Murray McAllister <mmcallis> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | barry.gestwicki.ctr, dpal, dsirrine, ekeck, huzaifas, jplans, jrusnack, nalin, nathaniel, rmainz, sashaikh, sisharma |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-03-06 10:06:27 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1116181, 1121509, 1121510, 1121511 | ||
| Bug Blocks: | 1063682, 1101912, 1116197, 1121513 | ||
|
Description
Murray McAllister
2014-07-04 01:54:50 UTC
Created krb5 tracking bugs for this issue: Affects: fedora-all [bug 1116181] There are two distinct flaws in krb5: CVE-2014-4341: Affects all shipped versions of krb5 package. CVE-2014-4342: Affects only krb5-1.7 and later. Hence it makes more sense to split this bug into two parts. We will use this flaw for CVE-2014-4341. In MIT krb5, an unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI application session can cause a program crash due to invalid memory references when attempting to read beyond the end of a buffer. CVE-2014-4342 is now filed as https://bugzilla.redhat.com/show_bug.cgi?id=1120581 A remote unauthenticated attacker is able to send a specially crafted packet to crash a Kerberos server. The kg_unseal_v1 and kg_unseal_v1_iov functions in GSSAPI are reachable externally and do not handle issues like checking for header length less than 22 bytes, shorter ciphertext than the confounder and declared padding length longer than the plaintext. Statement: (none) krb5-1.11.3-24.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. krb5-1.11.5-10.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. IssueDescription: A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application. This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2014:1245 https://rhn.redhat.com/errata/RHSA-2014-1245.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2014:1389 https://rhn.redhat.com/errata/RHSA-2014-1389.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:0439 https://rhn.redhat.com/errata/RHSA-2015-0439.html |