summaryrefslogtreecommitdiff
path: root/security/mit-krb5
diff options
context:
space:
mode:
authorsalo <salo>2006-08-09 17:31:10 +0000
committersalo <salo>2006-08-09 17:31:10 +0000
commit65edc272a7a034a20aa7b0edd0d8fd7c3fbaa0db (patch)
treed402f8e51826cf28998215f2f46fe684e6e8247a /security/mit-krb5
parent69622f8d51b8d52088d4e659d41c9bdab6296a94 (diff)
downloadpkgsrc-65edc272a7a034a20aa7b0edd0d8fd7c3fbaa0db.tar.gz
Security fixes for SA21402:
"A security issue has been reported in Kerberos, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to missing checks for whether the "setuid()" call has succeeded in the bundled krshd and v4rcp applications. This can be exploited to disclose or manipulate the contents of arbitrary files or execute arbitrary code with root privileges if the "setuid()" call fails due to e.g. resource limits." http://secunia.com/advisories/21402/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084 http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-001-setuid.txt Bump PKGREVISION.
Diffstat (limited to 'security/mit-krb5')
-rw-r--r--security/mit-krb5/Makefile4
-rw-r--r--security/mit-krb5/distinfo9
-rw-r--r--security/mit-krb5/patches/patch-am39
-rw-r--r--security/mit-krb5/patches/patch-an30
-rw-r--r--security/mit-krb5/patches/patch-ao38
-rw-r--r--security/mit-krb5/patches/patch-ap18
-rw-r--r--security/mit-krb5/patches/patch-aq24
-rw-r--r--security/mit-krb5/patches/patch-ar20
-rw-r--r--security/mit-krb5/patches/patch-as20
9 files changed, 199 insertions, 3 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index d6381897227..58df00cbf35 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.37 2006/04/22 09:22:14 rillig Exp $
+# $NetBSD: Makefile,v 1.38 2006/08/09 17:31:10 salo Exp $
DISTNAME= krb5-1.4.2
PKGNAME= mit-${DISTNAME:S/-signed$//}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/
DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX}
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index d112bf7fcc6..8bac9094368 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2006/03/17 15:44:45 joerg Exp $
+$NetBSD: distinfo,v 1.15 2006/08/09 17:31:10 salo Exp $
SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -14,3 +14,10 @@ SHA1 (patch-ah) = 59a6bfc341a22234b38db406abe83b0d6d358a9f
SHA1 (patch-aj) = 5c633571ea932ce349065cbb4c3bf482cc971675
SHA1 (patch-ak) = 9d95372fd8edddbf0366e83a51d7a0b8a507f218
SHA1 (patch-al) = fb611fe47bd7c773d7baf11424e90cd3af70c422
+SHA1 (patch-am) = 050690479d75c5df6e89424bac594ab48ae98a8c
+SHA1 (patch-an) = ccf76eecb4a0f3b4c7addd37ab8391dc831caa41
+SHA1 (patch-ao) = 22f907ce8c6d66582523b05326a9e8d56ae28401
+SHA1 (patch-ap) = c77a8f7bc35aa184e510bac576c12f55d5cfbf65
+SHA1 (patch-aq) = 52429b712ca7a478caeb76fd165585c7aab7fa02
+SHA1 (patch-ar) = 37807c14f03533aef8796ac90e5fac36ff98308a
+SHA1 (patch-as) = b155219fd512b59f698497af1bf6acf1ca4f4a34
diff --git a/security/mit-krb5/patches/patch-am b/security/mit-krb5/patches/patch-am
new file mode 100644
index 00000000000..da683b8dcd1
--- /dev/null
+++ b/security/mit-krb5/patches/patch-am
@@ -0,0 +1,39 @@
+$NetBSD: patch-am,v 1.1 2006/08/09 17:31:10 salo Exp $
+
+Security fix for SA21402.
+
+--- appl/gssftp/ftpd/ftpd.c.orig 2005-01-21 23:46:46.000000000 +0100
++++ appl/gssftp/ftpd/ftpd.c 2006-08-09 18:52:53.000000000 +0200
+@@ -1368,7 +1368,9 @@ getdatasock(fmode)
+ goto bad;
+ sleep(tries);
+ }
+- (void) krb5_seteuid((uid_t)pw->pw_uid);
++ if (krb5_seteuid((uid_t)pw->pw_uid)) {
++ fatal("seteuid user");
++ }
+ #ifdef IP_TOS
+ #ifdef IPTOS_THROUGHPUT
+ on = IPTOS_THROUGHPUT;
+@@ -1378,7 +1380,9 @@ getdatasock(fmode)
+ #endif
+ return (fdopen(s, fmode));
+ bad:
+- (void) krb5_seteuid((uid_t)pw->pw_uid);
++ if (krb5_seteuid((uid_t)pw->pw_uid)) {
++ fatal("seteuid user");
++ }
+ (void) close(s);
+ return (NULL);
+ }
+@@ -2187,7 +2191,9 @@ passive()
+ (void) krb5_seteuid((uid_t)pw->pw_uid);
+ goto pasv_error;
+ }
+- (void) krb5_seteuid((uid_t)pw->pw_uid);
++ if (krb5_seteuid((uid_t)pw->pw_uid)) {
++ fatal("seteuid user");
++ }
+ len = sizeof(pasv_addr);
+ if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
+ goto pasv_error;
diff --git a/security/mit-krb5/patches/patch-an b/security/mit-krb5/patches/patch-an
new file mode 100644
index 00000000000..822a5c6353b
--- /dev/null
+++ b/security/mit-krb5/patches/patch-an
@@ -0,0 +1,30 @@
+$NetBSD: patch-an,v 1.1 2006/08/09 17:31:10 salo Exp $
+
+Security fix for SA21402.
+
+--- appl/bsd/v4rcp.c.orig 2002-07-12 22:21:31.000000000 +0200
++++ appl/bsd/v4rcp.c 2006-08-09 18:52:53.000000000 +0200
+@@ -436,7 +436,10 @@ int main(argc, argv)
+ kstream_set_buffer_mode (krem, 0);
+ #endif /* KERBEROS && !NOENCRYPTION */
+ (void) response();
+- (void) setuid(userid);
++ if (setuid(userid)) {
++ error("rcp: can't setuid(user)\n");
++ exit(1);
++ }
+ source(--argc, ++argv);
+ exit(errs);
+
+@@ -452,7 +455,10 @@ int main(argc, argv)
+ krem = kstream_create_from_fd (rem, 0, 0);
+ kstream_set_buffer_mode (krem, 0);
+ #endif /* KERBEROS && !NOENCRYPTION */
+- (void) setuid(userid);
++ if (setuid(userid)) {
++ error("rcp: can't setuid(user)\n");
++ exit(1);
++ }
+ sink(--argc, ++argv);
+ exit(errs);
+
diff --git a/security/mit-krb5/patches/patch-ao b/security/mit-krb5/patches/patch-ao
new file mode 100644
index 00000000000..1623919578d
--- /dev/null
+++ b/security/mit-krb5/patches/patch-ao
@@ -0,0 +1,38 @@
+$NetBSD: patch-ao,v 1.1 2006/08/09 17:31:10 salo Exp $
+
+Security fix for SA21402.
+
+--- appl/bsd/krcp.c.orig 2003-05-10 02:00:58.000000000 +0200
++++ appl/bsd/krcp.c 2006-08-09 18:52:53.000000000 +0200
+@@ -620,7 +620,9 @@ int main(argc, argv)
+
+ euid = geteuid();
+ if (euid == 0) {
+- (void) setuid(0);
++ if (setuid(0)) {
++ perror("rcp setuid 0"); errs++; exit(errs);
++ }
+ if(krb5_seteuid(userid)) {
+ perror("rcp seteuid user"); errs++; exit(errs);
+ }
+@@ -638,11 +640,17 @@ int main(argc, argv)
+ continue;
+ rcmd_stream_init_normal();
+ #ifdef HAVE_SETREUID
+- (void) setreuid(0, userid);
++ if (setreuid(0, userid)) {
++ perror("rcp setreuid 0,user"); errs++; exit(errs);
++ }
+ sink(1, argv+argc-1);
+- (void) setreuid(userid, 0);
++ if (setreuid(userid, 0)) {
++ perror("rcp setreuid user,0"); errs++; exit(errs);
++ }
+ #else
+- (void) setuid(0);
++ if (setuid(0)) {
++ perror("rcp setuid 0"); errs++; exit(errs);
++ }
+ if(seteuid(userid)) {
+ perror("rcp seteuid user"); errs++; exit(errs);
+ }
diff --git a/security/mit-krb5/patches/patch-ap b/security/mit-krb5/patches/patch-ap
new file mode 100644
index 00000000000..612b419b981
--- /dev/null
+++ b/security/mit-krb5/patches/patch-ap
@@ -0,0 +1,18 @@
+$NetBSD: patch-ap,v 1.1 2006/08/09 17:31:10 salo Exp $
+
+Security fix for SA21402.
+
+--- appl/bsd/login.c.orig 2005-04-07 23:17:25.000000000 +0200
++++ appl/bsd/login.c 2006-08-09 18:52:53.000000000 +0200
+@@ -1648,7 +1648,10 @@ int main(argc, argv)
+ }
+ #endif /* HAVE_SETLUID */
+ #ifdef _IBMR2
+- setuidx(ID_LOGIN, pwd->pw_uid);
++ if (setuidx(ID_LOGIN, pwd->pw_uid) < 0) {
++ perror("setuidx");
++ sleepexit(1);
++ };
+ #endif
+
+ /* This call MUST succeed */
diff --git a/security/mit-krb5/patches/patch-aq b/security/mit-krb5/patches/patch-aq
new file mode 100644
index 00000000000..c91badb3ddc
--- /dev/null
+++ b/security/mit-krb5/patches/patch-aq
@@ -0,0 +1,24 @@
+$NetBSD: patch-aq,v 1.1 2006/08/09 17:31:10 salo Exp $
+
+Security fix for SA21402.
+
+--- appl/bsd/krshd.c.orig 2005-04-07 23:17:25.000000000 +0200
++++ appl/bsd/krshd.c 2006-08-09 18:52:53.000000000 +0200
+@@ -1379,9 +1379,15 @@ void doit(f, fromp)
+ * If we're on a system which keeps track of login uids, then
+ * set the login uid.
+ */
+- setluid((uid_t) pwd->pw_uid);
++ if (setluid((uid_t) pwd->pw_uid) < 0) {
++ perror("setluid");
++ _exit(1);
++ }
+ #endif /* HAVE_SETLUID */
+- (void) setuid((uid_t)pwd->pw_uid);
++ if (setuid((uid_t)pwd->pw_uid) < 0) {
++ perror("setuid");
++ _exit(1);
++ }
+ /* if TZ is set in the parent, drag it in */
+ {
+ char **findtz = environ;
diff --git a/security/mit-krb5/patches/patch-ar b/security/mit-krb5/patches/patch-ar
new file mode 100644
index 00000000000..6443fdae025
--- /dev/null
+++ b/security/mit-krb5/patches/patch-ar
@@ -0,0 +1,20 @@
+$NetBSD: patch-ar,v 1.1 2006/08/09 17:31:10 salo Exp $
+
+Security fix for SA21402.
+
+--- clients/ksu/main.c.orig 2002-08-14 21:14:49.000000000 +0200
++++ clients/ksu/main.c 2006-08-09 18:52:53.000000000 +0200
+@@ -892,8 +892,11 @@ static void sweep_up(context, cc)
+ const char * cc_name;
+ struct stat st_temp;
+
+- krb5_seteuid(0);
+- krb5_seteuid(target_uid);
++ if (krb5_seteuid(0) < 0 || krb5_seteuid(target_uid) < 0) {
++ com_err(prog_name, errno,
++ "while returning to source uid for destroying ccache");
++ exit(1);
++ }
+
+ cc_name = krb5_cc_get_name(context, cc);
+ if ( ! stat(cc_name, &st_temp)){
diff --git a/security/mit-krb5/patches/patch-as b/security/mit-krb5/patches/patch-as
new file mode 100644
index 00000000000..dd64800c0d2
--- /dev/null
+++ b/security/mit-krb5/patches/patch-as
@@ -0,0 +1,20 @@
+$NetBSD: patch-as,v 1.1 2006/08/09 17:31:10 salo Exp $
+
+Security fix for SA21402.
+
+--- lib/krb4/kuserok.c.orig 2003-03-05 04:38:51.000000000 +0100
++++ lib/krb4/kuserok.c 2006-08-09 18:52:53.000000000 +0200
+@@ -159,9 +159,11 @@ kuserok(kdata, luser)
+ */
+ if(getuid() == 0) {
+ uid_t old_euid = geteuid();
+- seteuid(pwd->pw_uid);
++ if (seteuid(pwd->pw_uid) < 0)
++ return NOTOK;
+ fp = fopen(pbuf, "r");
+- seteuid(old_euid);
++ if (seteuid(old_euid) < 0)
++ return NOTOK;
+ if ((fp) == NULL) {
+ return(NOTOK);
+ }