A null pointer dereference flaw was found in Kerberos's GSS-API spnego security mechanism implementation. A local user could use this flaw to cause a denial of service (krb5 daemon crash) via invalid ContextFlags for the reqFlags field in the NegTokenInit (RFC 4178).

References:
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402

Upstream patch:
http://src.mit.edu/fisheye/changelog/krb5/?cs=22099
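The reqFlags field named above is a context-tagged DER BIT STRING (ContextFlags, RFC 4178 section 4.2.1), and the failure mode is a decoder acting on it before confirming the encoding is actually well-formed. The following is an added example (not krb5 code and not part of this bug report) of a strict, hypothetical decoder for that field that rejects every malformed shape instead of dereferencing it; the sample tokens are constructed, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical strict decoder for the NegTokenInit reqFlags field,
 * [1] ContextFlags, a DER BIT STRING (SIZE (32)), RFC 4178 4.2.1.
 * Returns 0 and sets *flags (bit n = named bit n: delegFlag = 1,
 * mutualFlag = 2, ... integFlag = 64), or -1 for any malformed input. */
int parse_req_flags(const uint8_t *buf, size_t len, uint32_t *flags)
{
    size_t pos = 0, outer_len, inner_len, j;
    unsigned unused, b;
    if (buf == NULL || flags == NULL)
        return -1;
    if (len < 2 || buf[pos++] != 0xA1)              /* [1] constructed */
        return -1;
    outer_len = buf[pos++];                         /* short form only */
    if (outer_len >= 0x80 || outer_len != len - pos)
        return -1;
    if (outer_len < 2 || buf[pos++] != 0x03)        /* BIT STRING */
        return -1;
    inner_len = buf[pos++];
    if (inner_len >= 0x80 || inner_len != len - pos)
        return -1;
    /* The unused-bits octet is mandatory: a zero-length BIT STRING gives
     * a decoder that assumes content is present nothing valid to read. */
    if (inner_len < 1 || inner_len > 5)             /* SIZE (32) */
        return -1;
    unused = buf[pos++];
    if (unused > 7 || (inner_len == 1 && unused != 0))
        return -1;
    if (inner_len > 1 && (buf[len - 1] & ((1u << unused) - 1)) != 0)
        return -1;                                  /* DER: pad bits 0 */
    *flags = 0;
    for (j = 0; pos < len; pos++, j++)
        for (b = 0; b < 8; b++)                     /* bit 0 is the MSB */
            if (buf[pos] & (0x80u >> b))
                *flags |= 1u << (8 * j + b);
    return 0;
}

/* Decoded flags, or -1 on malformed input. */
long long decode_req_flags(const uint8_t *buf, size_t len)
{
    uint32_t f;
    return parse_req_flags(buf, len, &f) == 0 ? (long long)f : -1;
}

/* Constructed samples: mutualFlag+integFlag set; empty BIT STRING; overrun length. */
const uint8_t GOOD_REQ_FLAGS[] = {0xA1,0x07,0x03,0x05,0x00,0x42,0x00,0x00,0x00};
const uint8_t EMPTY_BITSTRING[] = {0xA1,0x02,0x03,0x00};
const uint8_t OVERRUN_LENGTH[] = {0xA1,0x07,0x03,0x05,0x00,0x42};
```

RFC 4178 also says senders SHOULD omit reqFlags and receivers SHOULD ignore it, so a conformant acceptor may simply discard the field once it has been parsed.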
krb5-1.6.3-17.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/krb5-1.6.3-17.fc10
krb5-1.6.3-15.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/krb5-1.6.3-15.fc9
This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 2.1, 3, and 4.
Upstream commit: http://anonsvn.mit.edu/cgi-bin/viewcvs.cgi?rev=22084&view=rev
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0845 to the following vulnerability:

Name: CVE-2009-0845
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845
Assigned: 20090306
Reference: CONFIRM: http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402
Reference: CONFIRM: http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875&r2=22084
Reference: CONFIRM: http://src.mit.edu/fisheye/changelog/krb5/?cs=22084
Reference: BID:34257
Reference: URL: http://www.securityfocus.com/bid/34257
Reference: SECUNIA:34347
Reference: URL: http://secunia.com/advisories/34347
Reference: VUPEN:ADV-2009-0847
Reference: URL: http://www.vupen.com/english/advisories/2009/0847

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
Covered now in upstream security advisory:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt

Final upstream patch differs from the previous one:
https://bugzilla.redhat.com/show_bug.cgi?id=491033#c7
This issue has been addressed in following products:

Red Hat Enterprise Linux 5

Via RHSA-2009:0408 https://rhn.redhat.com/errata/RHSA-2009-0408.html
krb5-1.6.3-16.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
krb5-1.6.3-18.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:

Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2009-0408.html

Fedora:
https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2852
https://admin.fedoraproject.org/updates/F9/FEDORA-2009-2834