Details: We received a report that a specially-crafted Kerberos AS-REQ packet can potentially cause a denial of service. Per the reporter:

"A specially crafted Kerberos AS-REQ request may cause a failure on the directory server.

Tested FreeIPA version: ipa-server-4.10.3

Steps to reproduce (see attachments):
1. Make request: kinit $(cat poc.txt)
2. Check krb5kdc log and ipactl status. (Directory Service: Stopped)"
Created 389-ds-base tracking bugs for this issue: Affects: fedora-all [bug 2283631]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:3591 https://access.redhat.com/errata/RHSA-2024:3591
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:3837 https://access.redhat.com/errata/RHSA-2024:3837
This issue has been addressed in the following products: Red Hat Directory Server 12.4 for RHEL 9 Via RHSA-2024:4092 https://access.redhat.com/errata/RHSA-2024:4092
This issue has been addressed in the following products: Red Hat Directory Server 11.8 for RHEL 8 Via RHSA-2024:4209 https://access.redhat.com/errata/RHSA-2024:4209
This issue has been addressed in the following products: Red Hat Directory Server 11.9 for RHEL 8 Via RHSA-2024:4210 https://access.redhat.com/errata/RHSA-2024:4210
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:4235 https://access.redhat.com/errata/RHSA-2024:4235
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:4633 https://access.redhat.com/errata/RHSA-2024:4633
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:5690 https://access.redhat.com/errata/RHSA-2024:5690
This issue has been addressed in the following products: Red Hat Directory Server 11.7 for RHEL 8 Via RHSA-2024:6576 https://access.redhat.com/errata/RHSA-2024:6576
This issue has been addressed in the following products: Red Hat Directory Server 12.2 EUS for RHEL 9 Via RHSA-2024:7458 https://access.redhat.com/errata/RHSA-2024:7458