Bug 1349042 - Incorrect length calculation in libkrad
Summary: Incorrect length calculation in libkrad
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: krb5
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Robbie Harwood
QA Contact: Patrik Kis
URL:
Whiteboard:
: 1344031 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-06-22 15:04 UTC by Nathaniel McCallum
Modified: 2019-11-14 08:29 UTC (History)
5 users (show)

Fixed In Version: krb5-1.14.1-18.el7
Doc Type: Bug Fix
Doc Text:
Cause: Incorrect length calculation in libkrad Consequence: ipa-otpd may experience timeouts Fix: Check length correctly Result: No more timeouts
Clone Of:
Environment:
Last Closed: 2016-11-03 20:25:29 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1344031 1 None None None 2021-01-20 06:05:38 UTC
Red Hat Product Errata RHSA-2016:2591 0 normal SHIPPED_LIVE Low: krb5 security, bug fix, and enhancement update 2016-11-03 12:10:29 UTC

Internal Links: 1344031

Description Nathaniel McCallum 2016-06-22 15:04:50 UTC
Upstream pull request: https://github.com/krb5/krb5/pull/471

Comment 7 Robbie Harwood 2016-06-29 15:16:21 UTC
*** Bug 1344031 has been marked as a duplicate of this bug. ***

Comment 11 thibaut.pouzet 2016-08-09 14:12:07 UTC
Should I be worried about this bug becoming a security issue if properly exploited ?

Comment 12 Robbie Harwood 2016-08-09 15:18:26 UTC
(In reply to thibaut.pouzet from comment #11)
> Should I be worried about this bug becoming a security issue if properly
> exploited ?

If exploited, it's a network-controlled write past the end of a buffer.  This buffer is on the heap, so it's very hard (though not impossible) to actually exploit.  That this issue may cause sporadic application failures was deemed a more pressing issue.

Comment 14 errata-xmlrpc 2016-11-03 20:25:29 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2591.html


Note You need to log in before you can comment on or make changes to this bug.