Bug 1145425 (CVE-2014-5351)

Summary: CVE-2014-5351 krb5: current keys returned when randomizing the keys for a service principal
Product: [Other] Security Response Reporter: Murray McAllister <mmcallis>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: dpal, jplans, nalin, nathaniel
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: krb5 1.13 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-01-20 17:24:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1145426    
Bug Blocks: 1145428    

Description Murray McAllister 2014-09-23 04:21:17 UTC 
It was reported that if a privileged user randomized the keys for a service principal, the old key would be returned to them. This could lead to ticket forgery attacks on the service in question.

This issue has been fixed in upstream version 1.13. Red Hat Enterprise Linux 6 and 7 are affected.

Full details from the upstream report:

""
An authenticated remote attacker can retrieve the current keys for a
service principal when generating a new set of keys for that
principal.  The attacker needs to be authenticated as a user who has
the elevated privilege for randomizing the keys of other principals.

Normally, when a Kerberos administrator randomizes the keys of a
service principal, kadmind returns only the new keys.  This prevents
an administrator who lacks legitimate privileged access to a service
from forging tickets to authenticate to that service.  If the
"keepold" flag to the kadmin randkey RPC operation is true, kadmind
retains the old keys in the KDC database as intended, but also
unexpectedly returns the old keys to the client, which exposes the
service to ticket forgery attacks from the administrator.

A mitigating factor is that legitimate clients of the affected service
will start failing to authenticate to the service once they begin to
receive service tickets encrypted in the new keys.  The affected
service will be unable to decrypt the newly issued tickets, possibly
alerting the legitimate administrator of the affected service.
""

Upstream patch:

https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca

References:

http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
Comment 1 Murray McAllister 2014-09-23 04:21:49 UTC 
Created krb5 tracking bugs for this issue:

Affects: fedora-all [bug 1145426]
Comment 3 Fedora Update System 2014-10-08 19:01:51 UTC 
krb5-1.12.2-9.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Vincent Danen 2015-01-20 17:24:40 UTC 
Statement:

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.