Upstream reports that libgssrpc applications including kadmind output four or eight bytes of uninitialized memory to the network as part of an unused "handle" field in replies to clients. An attacker could attempt to glean sensitive information from the four or eight bytes of uninitialized data output by kadmind or other libgssrpc server application. Because MIT krb5 generally sanitizes memory containing krb5 keys before freeing it, it is unlikely that kadmind would leak Kerberos key information, but it is not impossible.

RFC 2203 defines structures for the RPCSEC_GSS authentication flavor. The rpc_gss_init_res structure which conveys responses to the client contains an opaque "handle" field which is supposed to be used to identify the GSS-API security context. The client mirrors this field back to the server in the "handle" field of rpc_gss_cred_vers_1_t in subsequent requests. The MIT krb5 implementation of RPCSEC_GSS does not use the handle to find the GSS-API context, but it still provides a handle value to the client. To provide this value, it copies the first eight or sixteen bytes out of the GSS-API security context handle. (The number of bytes depends on the platform's pointer size; it is eight bytes on a 32-bit platform and sixteen bytes on a 64-bit platform.)

In release krb5-1.11, an unused "interposer" field was added to the mechglue GSS security context structure as the second pointer field. Because this field is unused, it remains uninitialized, so the second half of the bytes copied from the GSS security context handle are uninitialized. The contents of the uninitialized bytes could contain any heap data previously freed by the application or any library it uses. The MIT Kerberos libraries and kadmind are generally careful to zero out sensitive data such as Kerberos key data before freeing it, but there is nevertheless a risk of leakage of a small amount of sensitive data to the network.
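The copy described above, modelled as an added example (this is illustrative code, not MIT krb5's own libgssrpc or mechglue sources): a two-pointer context structure in which only the first field is ever written, a "dirty" allocation standing in for a malloc() block that still holds a previous owner's data, and the reply handle built by copying 2*sizeof(void*) bytes straight out of that structure. The hardened variant copies only the field the server initialized and zero-fills the rest; it shows the general remedy, not the exact change in the upstream commit. The struct name, field names and the 0xAA fill pattern are assumptions for the demo.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Stand-in for the mechglue context structure the advisory describes
 * (assumed layout for this example): two pointer-sized fields, of which
 * the accept path only ever writes the first. */
struct union_ctx {
    void *internal_ctx;   /* set when the security context is established */
    void *interposer;     /* never written: models the unused 1.11 field  */
};

/* The reply handle is two pointers' worth of bytes: 8 on 32-bit, 16 on 64-bit. */
#define HANDLE_LEN (2 * sizeof(void *))

/* Simulated heap block: a region a previous owner filled and freed without
 * scrubbing. A union keeps the struct correctly aligned. */
static union {
    struct union_ctx ctx;
    unsigned char raw[sizeof(struct union_ctx)];
} fake_heap;

/* "Allocate" the context from the dirty region, like malloc() returning a
 * block whose contents are whatever was left there. */
static struct union_ctx *ctx_alloc_dirty(unsigned char fill)
{
    memset(fake_heap.raw, fill, sizeof fake_heap.raw);
    return &fake_heap.ctx;
}

/* Vulnerable pattern: copy the first HANDLE_LEN bytes of the structure the
 * context handle points to. The second pointer field ships as-is. */
static void make_handle_vulnerable(const struct union_ctx *ctx,
                                   unsigned char out[HANDLE_LEN])
{
    memcpy(out, ctx, HANDLE_LEN);
}

/* Hardened pattern: copy only a value the server actually initialized and
 * zero the remainder, so no uninitialized bytes reach the wire. */
static void make_handle_safe(const struct union_ctx *ctx,
                             unsigned char out[HANDLE_LEN])
{
    memset(out, 0, HANDLE_LEN);
    memcpy(out, &ctx->internal_ctx, sizeof ctx->internal_ctx);
}

/* Count bytes in the second pointer-sized half of the handle that still
 * carry the stale fill pattern, i.e. bytes leaked from the dirty block. */
static size_t leaked_bytes(const unsigned char out[HANDLE_LEN], unsigned char fill)
{
    size_t n = 0;
    for (size_t i = sizeof(void *); i < HANDLE_LEN; i++)
        if (out[i] == fill)
            n++;
    return n;
}

/* Build a handle with either variant against the same dirty allocation and
 * return how many uninitialized bytes it carries. */
static size_t leak_count(int hardened, unsigned char fill)
{
    static int dummy;
    unsigned char h[HANDLE_LEN];
    struct union_ctx *ctx = ctx_alloc_dirty(fill);

    ctx->internal_ctx = &dummy;   /* only this field is initialized */
    if (hardened)
        make_handle_safe(ctx, h);
    else
        make_handle_vulnerable(ctx, h);
    return leaked_bytes(h, fill);
}

size_t vulnerable_leak_count(void) { return leak_count(0, 0xAA); }
size_t safe_leak_count(void)       { return leak_count(1, 0xAA); }

int main(void)
{
    printf("handle length: %zu bytes\n", (size_t)HANDLE_LEN);
    printf("vulnerable copy leaks %zu uninitialized bytes\n", vulnerable_leak_count());
    printf("hardened copy leaks   %zu uninitialized bytes\n", safe_leak_count());
    return 0;
}
```

On a 64-bit build the vulnerable handle carries eight bytes of stale data and the hardened one none, matching the advisory's "four or eight bytes" (the second pointer-sized half of an 8- or 16-byte handle). The same check, run against a real build, is what a MemorySanitizer or Valgrind run of the server would flag at the memcpy.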
A suggested patch to fix this issue, as well as CVE-2014-5352, CVE-2014-9421 and CVE-2014-9422, is attached to https://bugzilla.redhat.com/show_bug.cgi?id=1179856
Acknowledgements: Red Hat would like to thank the MIT Kerberos project for reporting this issue.
According to MIT, server software (including third-party applications) using libgssrpc from release krb5-1.11 and later is vulnerable.
krb5 as shipped with Red Hat Enterprise Linux 5 and 6 is not affected by this, as the flaw, as noted in the upstream advisory, was introduced in 1.11.
External References: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt
Statement: This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 5 and 6 as the flaw was introduced in a later version (1.11).
Created krb5 tracking bugs for this issue: Affects: fedora-all [bug 1188869]
Upstream commit: https://github.com/krb5/krb5/commit/5bb8a6b9c9eb8dd22bc9526751610aaa255ead9c
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:0439 https://rhn.redhat.com/errata/RHSA-2015-0439.html
krb5-1.11.5-18.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
krb5-1.12.2-14.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.