Bug 648734 (CVE-2010-1323) - CVE-2010-1323 krb5: incorrect acceptance of certain checksums (MITKRB5-SA-2010-007)
Summary: CVE-2010-1323 krb5: incorrect acceptance of certain checksums (MITKRB5-SA-201...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2010-1323
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 651962 651963 652307 652308 652312 652313
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-11-01 23:57 UTC by Vincent Danen
Modified: 2019-09-29 12:40 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-06-20 16:58:17 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0925 normal SHIPPED_LIVE Important: krb5 security and bug fix update 2010-11-30 22:43:45 UTC
Red Hat Product Errata RHSA-2010:0926 normal SHIPPED_LIVE Moderate: krb5 security update 2010-11-30 22:59:11 UTC

Description Vincent Danen 2010-11-01 23:57:53 UTC
Multiple checksum handling vulnerabilities were found in the MIT krb5 GSS-API
library:

* krb5 clients may accept unkeyed SAM-2 challenge checksums
* krb5 may accept KRB-SAFE checksums with low-entropy derived keys

The first flaw can allow an unauthenticated remote attacker to alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC.  Under some circumstances, this can negate the incremental security benefit of using a single-use authentication mechanism toekn.

The second flaw allows an unauthenticated remote attacker to have a 1/256 chance of forging KRB-SAFE messages in an application protocol, if the targeted pre-existing session uses an RC4 session key.  Few application protocols use KRB-SAFE messages.

These flaws affect MIT krb5 version 1.3 and newer.

A patch to correct this flaw, as well the other flaws noted in
MITKRB5-SA-2010-007 are available from
http://web.mit.edu/kerberos/advisories/2010-007-patch.txt (v1.8),
http://web.mit.edu/kerberos/advisories/2010-007-patch-r17.txt (v1.7),
http://web.mit.edu/kerberos/advisories/2010-007-patch-r16.txt (v1.6), and
http://web.mit.edu/kerberos/advisories/2010-007-patch-r15.txt (v1.5).

These issues are collectively known as CVE-2010-1323.  The upstream
announcement is available at
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt.


Acknowledgements:

Red Hat would like to thank the MIT Kerberos Team for reporting this issue.

Comment 9 errata-xmlrpc 2010-11-30 22:43:54 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:0925 https://rhn.redhat.com/errata/RHSA-2010-0925.html

Comment 10 errata-xmlrpc 2010-11-30 22:59:18 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0926 https://rhn.redhat.com/errata/RHSA-2010-0926.html


Note You need to log in before you can comment on or make changes to this bug.