Bug 1120581 - (CVE-2014-4342) CVE-2014-4342 krb5: denial of service flaws when handling RFC 1964 tokens
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
impact=low,public=20140626,reported=2...
Keywords: Security
Depends On: 1121510 1121511
Blocks: 1101912 1116197 1121513
 
Reported: 2014-07-17 04:34 EDT by Huzaifa S. Sidhpurwala
Modified: 2015-03-06 05:08 EST
Doc Type: Bug Fix
Doc Text:
A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application.
Last Closed: 2015-03-06 05:08:32 EST
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:1389 normal SHIPPED_LIVE Moderate: krb5 security and bug fix update 2014-10-13 21:27:10 EDT
Red Hat Product Errata RHSA-2015:0439 normal SHIPPED_LIVE Moderate: krb5 security, bug fix and enhancement update 2015-03-05 09:38:14 EST

Description Huzaifa S. Sidhpurwala 2014-07-17 04:34:49 EDT
In MIT krb5 releases krb5-1.7 and later, an unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI application session can cause a program crash due to invalid memory references when reading beyond the end of a buffer or by causing a null pointer dereference.

References:

http://diswww.mit.edu:8008/menelaus.mit.edu/cvs-krb5/28388
https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
Comment 1 Siddharth Sharma 2014-07-17 05:35:23 EDT
A remote unauthenticated attacker is able to send a specially crafted packet to crash a Kerberos server. The kg_unseal_v1 and kg_unseal_v1_iov functions in GSSAPI are reachable externally, and do not handle issues like handling of invalid RFC 1964 tokens and checking for header length less than 22 bytes. CVE-2014-4342 affects MIT krb5 releases krb5-1.7 and later.
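
Added example (not part of the original comment and not krb5 source code): a length-checked parse of the 22 bytes that follow the token ID in an RFC 1964 per-message token, which is the check the comment above describes as missing. The names v1_parse_header, v1_body_len and the sample buffers are hypothetical; the field layout is taken from RFC 1964.

```c
#include <stddef.h>
#include <stdint.h>

/* After the 2-byte TOK_ID, RFC 1964 tokens carry SGN_ALG(2) SEAL_ALG(2)
 * Filler(2) SND_SEQ(8) SGN_CKSUM(8): 22 bytes before any wrapped data. */
#define V1_HDR_LEN 22

struct v1_header {                 /* hypothetical type for this example */
    uint16_t sgn_alg, seal_alg;
    const uint8_t *snd_seq, *cksum, *body;
    size_t body_len;
};

/* Returns 0 on success, -1 for a defective token. Never reads past len. */
int v1_parse_header(const uint8_t *buf, size_t len, struct v1_header *out)
{
    if (buf == NULL || out == NULL)        /* reject instead of dereferencing */
        return -1;
    if (len < V1_HDR_LEN)                  /* short header: reject before any read */
        return -1;
    if (buf[4] != 0xff || buf[5] != 0xff)  /* Filler must be ff ff */
        return -1;
    /* This example reads the 2-byte algorithm fields low byte first. */
    out->sgn_alg  = (uint16_t)(buf[0] | (buf[1] << 8));
    out->seal_alg = (uint16_t)(buf[2] | (buf[3] << 8));
    out->snd_seq  = buf + 6;
    out->cksum    = buf + 14;
    out->body     = buf + V1_HDR_LEN;
    out->body_len = len - V1_HDR_LEN;      /* no underflow: len >= 22 checked */
    return 0;
}

/* Convenience wrapper: body length, or -1 if the token is rejected. */
long v1_body_len(const uint8_t *buf, size_t len)
{
    struct v1_header h;
    return v1_parse_header(buf, len, &h) == 0 ? (long)h.body_len : -1;
}

/* Constructed sample (not captured traffic): header plus 3 data bytes. */
const uint8_t sample_tok[25] = {
    0x00, 0x00, 0xff, 0xff, 0xff, 0xff,    /* SGN_ALG, SEAL_ALG, Filler */
    1, 2, 3, 4, 5, 6, 7, 8,                /* SND_SEQ */
    9, 10, 11, 12, 13, 14, 15, 16,         /* SGN_CKSUM */
    0xaa, 0xbb, 0xcc                       /* data */
};
/* Constructed sample with a bad Filler field (remaining bytes are zero). */
const uint8_t bad_filler[22] = { 0x00, 0x00, 0xff, 0xff, 0x00, 0x00 };
```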
Comment 2 Siddharth Sharma 2014-07-17 06:20:10 EDT
Statement:

This issue did not affect the version of krb5 as shipped with Red Hat Enterprise Linux 5.
Comment 4 Martin Prpič 2014-10-08 04:39:14 EDT
IssueDescription:

A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application.
Comment 5 errata-xmlrpc 2014-10-14 04:10:59 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:1389 https://rhn.redhat.com/errata/RHSA-2014-1389.html
Comment 6 errata-xmlrpc 2015-03-05 05:01:03 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:0439 https://rhn.redhat.com/errata/RHSA-2015-0439.html
