Security fix for CVE-2006-6143:

"An unauthenticated user may cause execution of arbitrary code in
 kadmind, which can compromise the Kerberos key database and host
 security.  (kadmind usually runs as root.)  Unsuccessful exploitation,
 or even accidental replication of the required conditions by
 non-malicious users, can result in kadmind crashing."

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143

Patch from MIT.

3 files changed, 29 insertions, 3 deletions

diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index 58df00cbf35..a2a056fb002 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.38 2006/08/09 17:31:10 salo Exp $
+# $NetBSD: Makefile,v 1.39 2007/01/17 23:43:47 salo Exp $
 
 DISTNAME=	krb5-1.4.2
 PKGNAME=	mit-${DISTNAME:S/-signed$//}
-PKGREVISION=	3
+PKGREVISION=	4
 CATEGORIES=	security
 MASTER_SITES=	http://web.mit.edu/kerberos/dist/krb5/1.4/
 DISTFILES=	${DISTNAME}-signed${EXTRACT_SUFX}
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index 8bac9094368..d747fcd8cac 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2006/08/09 17:31:10 salo Exp $
+$NetBSD: distinfo,v 1.16 2007/01/17 23:43:47 salo Exp $
 
 SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
 RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -21,3 +21,4 @@ SHA1 (patch-ap) = c77a8f7bc35aa184e510bac576c12f55d5cfbf65
 SHA1 (patch-aq) = 52429b712ca7a478caeb76fd165585c7aab7fa02
 SHA1 (patch-ar) = 37807c14f03533aef8796ac90e5fac36ff98308a
 SHA1 (patch-as) = b155219fd512b59f698497af1bf6acf1ca4f4a34
+SHA1 (patch-at) = df0605b0f5fbaef6b7540f87079ae64b2acc464c
diff --git a/security/mit-krb5/patches/patch-at b/security/mit-krb5/patches/patch-at
new file mode 100644
index 00000000000..02e741fbcc8
--- /dev/null
+++ b/security/mit-krb5/patches/patch-at
@@ -0,0 +1,25 @@
+$NetBSD: patch-at,v 1.1 2007/01/17 23:43:47 salo Exp $
+
+Security fix for CVE-2006-6143.
+
+--- lib/rpc/svc.c.orig	2004-09-21 20:20:15.000000000 +0200
++++ lib/rpc/svc.c	2007-01-17 21:58:10.000000000 +0100
+@@ -436,6 +436,8 @@ svc_getreqset(FDSET_TYPE *readfds)
+ #endif
+ }
+ 
++extern struct svc_auth_ops svc_auth_gss_ops;
++
+ static void
+ svc_do_xprt(SVCXPRT *xprt)
+ {
+@@ -517,6 +519,9 @@ svc_do_xprt(SVCXPRT *xprt)
+ 		if ((stat = SVC_STAT(xprt)) == XPRT_DIED){
+ 			SVC_DESTROY(xprt);
+ 			break;
++		} else if ((xprt->xp_auth != NULL) &&
++			   (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) {
++			xprt->xp_auth = NULL;
+ 		}
+ 	} while (stat == XPRT_MOREREQS);
+