author | spz <spz> | 2013-05-16 22:04:58 +0000 |
---|---|---|
committer | spz <spz> | 2013-05-16 22:04:58 +0000 |
commit | ee836a8af062b47693aaecc7e2b7f4dda6faabd0 (patch) | |
tree | ffff7b3aec67479e8f839320bd6da8ddca8a1275 | |
parent | f0129af06facf30218d527d532ae932925140e95 (diff) | |
download | pkgsrc-ee836a8af062b47693aaecc7e2b7f4dda6faabd0.tar.gz |
Pullup ticket #4134 - requested by tez
security/mit-krb5: security fix
Revisions pulled up:
- security/mit-krb5/Makefile 1.70
- security/mit-krb5/distinfo 1.43
- security/mit-krb5/patches/patch-kadmin_server_schpw.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tez
Date: Mon May 13 22:42:34 UTC 2013
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
pkgsrc/security/mit-krb5/patches: patch-kadmin_server_schpw.c
Log Message:
The kpasswd service provided by kadmind was vulnerable to a UDP
"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless
they pass some basic validation, and don't respond to our own error
packets.
Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
attack or UDP ping-pong attacks in general, but there is discussion
leading toward narrowing the definition of CVE-1999-0103 to the echo,
chargen, or other similar built-in inetd services.
https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 pkgsrc/security/mit-krb5/Makefile
cvs rdiff -u -r1.42 -r1.43 pkgsrc/security/mit-krb5/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/security/mit-krb5/patches/patch-kadmin_server_schpw.c
-rw-r--r-- | security/mit-krb5/Makefile | 4 | ||||
-rw-r--r-- | security/mit-krb5/distinfo | 3 | ||||
-rw-r--r-- | security/mit-krb5/patches/patch-kadmin_server_schpw.c | 53 |
3 files changed, 57 insertions, 3 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index 415fd0850ac..81bdab985e9 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.67.2.1 2013/04/30 18:50:00 tron Exp $
+# $NetBSD: Makefile,v 1.67.2.2 2013/05/16 22:04:58 spz Exp $
 DISTNAME= krb5-1.10.4
-PKGREVISION= 1
+PKGREVISION= 2
 PKGNAME= mit-${DISTNAME}
 CATEGORIES= security
 MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PKGVERSION_NOREV:R}/
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index 890866ed344..5d554b03106 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.40.2.1 2013/04/30 18:50:00 tron Exp $
+$NetBSD: distinfo,v 1.40.2.2 2013/05/16 22:04:58 spz Exp $
 SHA1 (krb5-1.10.4-signed.tar) = 2b4a0743b95b09cb433d25909e599de27c352f10
 RMD160 (krb5-1.10.4-signed.tar) = 1dbf18f1a02744941ebde3b1db93b2e63e59afcd
@@ -19,6 +19,7 @@ SHA1 (patch-ci) = 4e310f0a4dfe27cf94d0e63d623590691b6c5970
 SHA1 (patch-cj) = 78342f649f8e9d3a3b5a4f83e65b6c46f589586b
 SHA1 (patch-ck) = 37bfef80329f8ae0fb35c35e70032a0040ba5591
 SHA1 (patch-kadmin_dbutil_dump.c) = 4b49c116dbed9e6be4a0bf0a731c3ae82808d82e
+SHA1 (patch-kadmin_server_schpw.c) = 87d849b6dcc0ad22f377e18f57d0731e642943bc
 SHA1 (patch-kdc_do_tgs_req.c) = a7c89338eab17f98c5e2b5d426b3696cc9b4b081
 SHA1 (patch-lib_krb5_asn.1_asn1buf.h) = a1e46ca9256aea4facc1d41841b1707b044a69e7
 SHA1 (patch-util_k5ev_verto-k5ev.c) = 79a2be64fa4f9b0dc3a333271e8a3ff7944e5c18
diff --git a/security/mit-krb5/patches/patch-kadmin_server_schpw.c b/security/mit-krb5/patches/patch-kadmin_server_schpw.c
new file mode 100644
index 00000000000..969e31dbafb
--- /dev/null
+++ b/security/mit-krb5/patches/patch-kadmin_server_schpw.c
@@ -0,0 +1,53 @@
+$NetBSD: patch-kadmin_server_schpw.c,v 1.1.2.2 2013/05/16 22:04:58 spz Exp $
+
+The kpasswd service provided by kadmind was vulnerable to a UDP
+"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless
+they pass some basic validation, and don't respond to our own error
+packets.
+
+Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
+attack or UDP ping-pong attacks in general, but there is discussion
+leading toward narrowing the definition of CVE-1999-0103 to the echo,
+chargen, or other similar built-in inetd services.
+
+from https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
+
+
+--- kadmin/server/schpw.c.orig 2013-05-13 22:31:47.496049500 +0000
++++ kadmin/server/schpw.c
+@@ -52,7 +52,7 @@ process_chpw_request(krb5_context contex
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ numresult = KRB5_KPASSWD_MALFORMED;
+ strlcpy(strresult, "Request was truncated", sizeof(strresult));
+- goto chpwfail;
++ goto bailout;
+ }
+
+ ptr = req->data;
+@@ -67,7 +67,7 @@ process_chpw_request(krb5_context contex
+ numresult = KRB5_KPASSWD_MALFORMED;
+ strlcpy(strresult, "Request length was inconsistent",
+ sizeof(strresult));
+- goto chpwfail;
++ goto bailout;
+ }
+
+ /* verify version number */
+@@ -80,7 +80,7 @@ process_chpw_request(krb5_context contex
+ numresult = KRB5_KPASSWD_BAD_VERSION;
+ snprintf(strresult, sizeof(strresult),
+ "Request contained unknown protocol version number %d", vno);
+- goto chpwfail;
++ goto bailout;
+ }
+
+ /* read, check ap-req length */
+@@ -93,7 +93,7 @@ process_chpw_request(krb5_context contex
+ numresult = KRB5_KPASSWD_MALFORMED;
+ strlcpy(strresult, "Request was truncated in AP-REQ",
+ sizeof(strresult));
+- goto chpwfail;
++ goto bailout;
+ }
+
+ /* verify ap_req */ |
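Review bot: Nothing at the four `goto bailout` sites in process_chpw_request records why these failures must stay unanswered, and each site still fills `numresult` and `strresult` right before the jump, so the code reads as if a reply were still intended. A comment at the first site would keep a later cleanup from restoring `goto chpwfail`, for example `/* No reply until basic validation passes: an error reply to a spoofed UDP source can be bounced back and forth (CVE-2002-2443). */`. The `bailout` label and the rest of the function lie outside these hunks, so whether the dropped request is logged there cannot be confirmed from the visible lines. If it is not, writing the already-prepared `strresult` text to the server log on this path would keep silently dropped packets visible to operators.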