Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 648734 - (CVE-2010-1323) CVE-2010-1323 krb5: incorrect acceptance of certain checksums (MITKRB5-SA-2010-007)
CVE-2010-1323 krb5: incorrect acceptance of certain checksums (MITKRB5-SA-201...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
public=20101130,reported=20101101,sou...
: Security
Depends On: 651962 651963 652307 652308 652312 652313
Blocks:
  Show dependency treegraph
 
Reported: 2010-11-01 19:57 EDT by Vincent Danen
Modified: 2012-06-20 12:58 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 12:58:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0925 normal SHIPPED_LIVE Important: krb5 security and bug fix update 2010-11-30 17:43:45 EST
Red Hat Product Errata RHSA-2010:0926 normal SHIPPED_LIVE Moderate: krb5 security update 2010-11-30 17:59:11 EST

  None (edit)
Description Vincent Danen 2010-11-01 19:57:53 EDT 
Multiple checksum handling vulnerabilities were found in the MIT krb5 GSS-API
library:

* krb5 clients may accept unkeyed SAM-2 challenge checksums
* krb5 may accept KRB-SAFE checksums with low-entropy derived keys

The first flaw can allow an unauthenticated remote attacker to alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC.  Under some circumstances, this can negate the incremental security benefit of using a single-use authentication mechanism toekn.

The second flaw allows an unauthenticated remote attacker to have a 1/256 chance of forging KRB-SAFE messages in an application protocol, if the targeted pre-existing session uses an RC4 session key.  Few application protocols use KRB-SAFE messages.

These flaws affect MIT krb5 version 1.3 and newer.

A patch to correct this flaw, as well the other flaws noted in
MITKRB5-SA-2010-007 are available from
http://web.mit.edu/kerberos/advisories/2010-007-patch.txt (v1.8),
http://web.mit.edu/kerberos/advisories/2010-007-patch-r17.txt (v1.7),
http://web.mit.edu/kerberos/advisories/2010-007-patch-r16.txt (v1.6), and
http://web.mit.edu/kerberos/advisories/2010-007-patch-r15.txt (v1.5).

These issues are collectively known as CVE-2010-1323.  The upstream
announcement is available at
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt.


Acknowledgements:

Red Hat would like to thank the MIT Kerberos Team for reporting this issue.
Comment 9 errata-xmlrpc 2010-11-30 17:43:54 EST 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:0925 https://rhn.redhat.com/errata/RHSA-2010-0925.html
Comment 10 errata-xmlrpc 2010-11-30 17:59:18 EST 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0926 https://rhn.redhat.com/errata/RHSA-2010-0926.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.