Bug 2182135

Summary: CVE-2022-37967: MS-PAC extended KDC signature [f37]
Product: Fedora
Reporter: Julien Rische <jrische>
Component: krb5
Assignee: Julien Rische <jrische>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 37
CC: abokovoy, antorres, fdvorak, ftrivino, jrische, j, jwboyer, mjurasek, sbose, ssorce
Keywords: Triaged
Hardware: Unspecified
OS: Unspecified
Doc Type: If docs needed, set a value
Clone Of: 2169477
Last Closed: 2023-07-19 15:01:31 UTC
Type: Bug
Bug Depends On: 2169477, 2165827
Bug Blocks: 2166001, 2182671

Description Julien Rische 2023-03-27 16:12:14 UTC
+++ This bug was initially created as a clone of Bug #2169477 +++

A paper by Tom Tervoort[1] noted that computing the PAC privsvr checksum over only the server checksum is vulnerable to collision attacks. In response, Microsoft has added a second KDC checksum over the full contents of the PAC[2].

This change will be required for PAC signatures to be accepted by AD from 2023-07-11[3].

[1] https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Tervoort-Breaking-Kerberos-RC4-Cipher-and-Spoofing-Windows-PACs-wp.pdf
[2] https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-PAC/%5bMS-PAC%5d-20221212-diff.pdf
[3] https://support.microsoft.com/en-us/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb
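As an added illustration of the signature change described in the report (not krb5, FreeIPA or Microsoft code), the toy model below reduces a PAC to one body blob plus its signature fields and uses HMAC-SHA256 with constructed keys in place of the Kerberos checksum types. Two things are deliberately simplified and are assumptions of this example only: the server checksum is truncated to 16 bits so that a colliding PAC body can be found by plain enumeration (a stand-in for the checksum weakness in reference [1], not a property of SHA-256), and the extended KDC signature is modelled as a MAC over the body alone rather than over the real buffer layout with zeroed signature fields. All function names (`issue_pac`, `verify_pac`, `find_colliding_body`, `demo`) are made up for this example.

```python
# Added illustration, not code from krb5 or from Microsoft. Toy model of the
# MS-PAC signature scheme before and after the CVE-2022-37967 change.
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed keys standing in for the service's long-term key and the krbtgt key.
SERVICE_KEY = b"constructed-service-key"
KRBTGT_KEY = b"constructed-krbtgt-key"

# Assumption of this toy: truncate the server checksum so a collision is cheap to
# find. This models a collidable checksum type, not any weakness of SHA-256.
WEAK_SERVER_SIG_LEN = 2


def server_checksum(body: bytes) -> bytes:
    # PAC_SERVER_CHECKSUM: keyed with the service key over the PAC body.
    return hmac.new(SERVICE_KEY, body, hashlib.sha256).digest()[:WEAK_SERVER_SIG_LEN]


def legacy_kdc_checksum(server_sig: bytes) -> bytes:
    # PAC_PRIVSVR_CHECKSUM as before the change: keyed with the krbtgt key over
    # the server checksum value only. It never sees the PAC body.
    return hmac.new(KRBTGT_KEY, server_sig, hashlib.sha256).digest()


def full_kdc_checksum(body: bytes) -> bytes:
    # Extended KDC signature added by the change: keyed with the krbtgt key over
    # the whole PAC (here: the body blob).
    return hmac.new(KRBTGT_KEY, body, hashlib.sha256).digest()


@dataclass
class Pac:
    body: bytes
    server_sig: bytes
    kdc_sig: bytes
    full_sig: Optional[bytes]  # None for a PAC that carries no extended signature


def issue_pac(body: bytes, extended: bool = True) -> Pac:
    """What the KDC does when it builds a ticket's PAC."""
    ssig = server_checksum(body)
    return Pac(body, ssig, legacy_kdc_checksum(ssig),
               full_kdc_checksum(body) if extended else None)


def verify_pac(pac: Pac, require_extended: bool) -> bool:
    """What a KDC does when a PAC is presented back to it, e.g. on a
    constrained-delegation request. `require_extended` models the enforcement
    phase in which a PAC without the extended signature is rejected."""
    if not hmac.compare_digest(pac.server_sig, server_checksum(pac.body)):
        return False
    if not hmac.compare_digest(pac.kdc_sig, legacy_kdc_checksum(pac.server_sig)):
        return False
    if pac.full_sig is None:
        return not require_extended
    return hmac.compare_digest(pac.full_sig, full_kdc_checksum(pac.body))


def find_colliding_body(target_sig: bytes, prefix: bytes, limit: int = 1 << 22) -> Optional[bytes]:
    """Enumerate bodies starting with `prefix` until one has the target
    (truncated) server checksum. Feasible only because of the truncation."""
    for n in range(limit):
        candidate = prefix + n.to_bytes(4, "big")
        if server_checksum(candidate) == target_sig:
            return candidate
    return None


def demo() -> dict:
    """Shows why a KDC signature over the server checksum alone does not bind
    the PAC contents, and that the extended signature plus enforcement does."""
    genuine = issue_pac(b"user=alice;groups=users", extended=True)
    # A second body with the same server checksum (what a collision attack
    # produces). The genuine server and legacy KDC signatures then verify for
    # it unchanged; only the extended signature cannot be carried over, so the
    # forged PAC simply omits it.
    forged_body = find_colliding_body(genuine.server_sig, b"user=alice;groups=admins;pad=")
    assert forged_body is not None, "collision not found within limit"
    forged = Pac(forged_body, genuine.server_sig, genuine.kdc_sig, None)
    return {
        "genuine_ok": verify_pac(genuine, require_extended=True),
        "forged_passes_legacy_only": verify_pac(forged, require_extended=False),
        "forged_rejected_when_enforced": verify_pac(forged, require_extended=True),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The `require_extended` flag is the part that matters operationally: adding the extended checksum to newly issued PACs changes nothing until verifiers stop accepting PACs that lack it, which is what the 2023-07-11 enforcement date in [3] is about.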

Comment 1 Julien Rische 2023-06-30 10:48:41 UTC
Pull request:
https://src.fedoraproject.org/rpms/krb5/pull-request/39

Comment 2 Julien Rische 2023-07-03 08:07:38 UTC
The current backport fails to pass the following upstream test:

PYTHONPATH=../util VALGRIND="" python3 ./t_authdata.py 
*** Failure: expected authdata not seen for basic request
*** Last mark: baseline authdata
*** Last command (#9): ./adata host/buildvm-a64-19.iad2.fedoraproject.org
*** Output of last command:
^-42: Hello, KDC issued acceptor world!
?512: 301EA003020112A1173015A003020110A10E040CACDC98594C36DEF590A3A1D5
For details, see: /builddir/build/BUILD/krb5-1.19.2/src/tests/testlog
Or re-run this test script with the -v flag:
    cd /builddir/build/BUILD/krb5-1.19.2/src/tests
    PYTHONPATH=/builddir/build/BUILD/krb5-1.19.2/src/util /usr/bin/python3 ./t_authdata.py -v
Use --debug=NUM to run a command under a debugger.  Use
--stop-after=NUM to stop after a daemon is started in order to
attach to it with a debugger.  Use --help to see other
options.

Comment 3 Julien Rische 2023-07-19 15:01:31 UTC
Not supporting the new PAC extended KDC signature would only affect cross-realm resource-based constrained delegation requests between FreeIPA and Active Directory. But this type of request is not supported by FreeIPA at this point anyway. Hence, backporting this feature to Fedora 37 will not have any benefit.