674325 – (CVE-2011-0284) CVE-2011-0284 krb5 (krb5kdc): Double-free flaw by handling error messages upon receiving certain AS_REQ's (MITKRB5-SA-2011-003)

Bug 674325 (CVE-2011-0284) - CVE-2011-0284 krb5 (krb5kdc): Double-free flaw by handling error messages upon receiving certain AS_REQ's (MITKRB5-SA-2011-003)

Summary: CVE-2011-0284 krb5 (krb5kdc): Double-free flaw by handling error messages upo...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2011-0284
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:	http://web.mit.edu/kerberos/advisorie...
Whiteboard:
Depends On:	681564 681565 688094
Blocks:
TreeView+	depends on / blocked

Reported:	2011-02-01 13:37 UTC by Jan Lieskovsky
Modified:	2019-09-29 12:42 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-11-05 16:55:28 UTC
Embargoed:

Attachments	(Terms of Use)
Proposed patch from Nalin Dahyabhai to fix the issue (778 bytes, patch) 2011-02-01 13:44 UTC, Jan Lieskovsky	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:0356	0	normal	SHIPPED_LIVE	Important: krb5 security update	2011-03-16 10:11:46 UTC

Description Jan Lieskovsky 2011-02-01 13:37:30 UTC

A double-free flaw was found in the way the MIT Kerberos
KDC handled initial authentication requests (AS-REQ), when
the KDC was configured to provide the PKINIT capability.
A remote attacker could use this flaw to cause the KDC
daemon to abort by using a specially-crafted AS-REQ request. 
Different vulnerability than CVE-2010-1320 and CVE-2005-1174.

Comment 2 Jan Lieskovsky 2011-02-01 13:44:27 UTC

Created attachment 476397 [details]
Proposed patch from Nalin Dahyabhai to fix the issue

Comment 3 Jan Lieskovsky 2011-02-01 13:45:57 UTC

This issue did NOT affect the versions of the krb5 package, as shipped
with Red Hat Enterprise Linux 3, 4, or 5.

This issue affects the version of the krb5 package, as shipped 
with Red Hat Enterprise Linux 6.

--

This issue affects the versions of the krb5 package, as shipped with
Fedora release of 13 and 14.

Comment 7 Jan Lieskovsky 2011-02-04 11:01:27 UTC

The CVE identifier of CVE-2011-0284 has been assigned to this issue.

Comment 16 Tomas Hoger 2011-03-15 19:25:01 UTC

Public now via:
  http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2011-003.txt

Comment 17 errata-xmlrpc 2011-03-16 10:11:52 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0356 https://rhn.redhat.com/errata/RHSA-2011-0356.html

Comment 18 Huzaifa S. Sidhpurwala 2011-03-16 10:17:11 UTC

Created krb5 tracking bugs for this issue

Affects: fedora-all [bug 688094]

Note You need to log in before you can comment on or make changes to this bug.