Bug 674325 (CVE-2011-0284)

Summary: CVE-2011-0284 krb5 (krb5kdc): Double-free flaw by handling error messages upon receiving certain AS_REQ's (MITKRB5-SA-2011-003)
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: dpal, ebenes, jplans, nalin, security-response-team, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-05 16:55:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 681564, 681565, 688094    
Bug Blocks:    
Attachments:
Description Flags
Proposed patch from Nalin Dahyabhai to fix the issue none

Description Jan Lieskovsky 2011-02-01 13:37:30 UTC 
A double-free flaw was found in the way the MIT Kerberos
KDC handled initial authentication requests (AS-REQ), when
the KDC was configured to provide the PKINIT capability.
A remote attacker could use this flaw to cause the KDC
daemon to abort by using a specially-crafted AS-REQ request. 
Different vulnerability than CVE-2010-1320 and CVE-2005-1174.
Comment 2 Jan Lieskovsky 2011-02-01 13:44:27 UTC 
Created attachment 476397 [details]
Proposed patch from Nalin Dahyabhai to fix the issue
Comment 3 Jan Lieskovsky 2011-02-01 13:45:57 UTC 
This issue did NOT affect the versions of the krb5 package, as shipped
with Red Hat Enterprise Linux 3, 4, or 5.

This issue affects the version of the krb5 package, as shipped 
with Red Hat Enterprise Linux 6.

--

This issue affects the versions of the krb5 package, as shipped with
Fedora release of 13 and 14.
Comment 7 Jan Lieskovsky 2011-02-04 11:01:27 UTC 
The CVE identifier of CVE-2011-0284 has been assigned to this issue.
Comment 16 Tomas Hoger 2011-03-15 19:25:01 UTC 
Public now via:
  http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2011-003.txt
Comment 17 errata-xmlrpc 2011-03-16 10:11:52 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0356 https://rhn.redhat.com/errata/RHSA-2011-0356.html
Comment 18 Huzaifa S. Sidhpurwala 2011-03-16 10:17:11 UTC 
Created krb5 tracking bugs for this issue

Affects: fedora-all [bug 688094]