author | tez <tez> | 2013-05-13 22:42:33 +0000 |
---|---|---|
committer | tez <tez> | 2013-05-13 22:42:33 +0000 |
commit | e478c9b12eb64be0c05fa6170a49f4c1b8c55a2b (patch) | |
tree | eb48696f1c1c57d2b0291db73591bc90b5b7361f /security | |
parent | 0c9e59a5793a64f1eeb1501f35a634837d738dd4 (diff) | |
download | pkgsrc-e478c9b12eb64be0c05fa6170a49f4c1b8c55a2b.tar.gz |
The kpasswd service provided by kadmind was vulnerable to a UDP
"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless
they pass some basic validation, and don't respond to our own error
packets.
Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
attack or UDP ping-pong attacks in general, but there is discussion
leading toward narrowing the definition of CVE-1999-0103 to the echo,
chargen, or other similar built-in inetd services.
https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c cvs
Diffstat (limited to 'security')
-rw-r--r-- | security/mit-krb5/Makefile | 3 | ||||
-rw-r--r-- | security/mit-krb5/distinfo | 3 | ||||
-rw-r--r-- | security/mit-krb5/patches/patch-kadmin_server_schpw.c | 53 |
3 files changed, 57 insertions, 2 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index 90051336734..9259cd9ee2f 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.69 2013/05/09 08:40:05 adam Exp $
+# $NetBSD: Makefile,v 1.70 2013/05/13 22:42:33 tez Exp $
 DISTNAME= krb5-1.10.5
+PKGREVISION= 1
 PKGNAME= mit-${DISTNAME}
 CATEGORIES= security
 MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PKGVERSION_NOREV:R}/
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index 6f0e67c2cd9..6a2fbe7bfcb 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.42 2013/05/09 08:40:05 adam Exp $
+$NetBSD: distinfo,v 1.43 2013/05/13 22:42:33 tez Exp $
 SHA1 (krb5-1.10.5-signed.tar) = 5c94637ee2355dc0e032abadec4ad207d0f04022
 RMD160 (krb5-1.10.5-signed.tar) = 4800d2da6cf68dacf3e116a29f443010220f3237
@@ -19,5 +19,6 @@ SHA1 (patch-ci) = 4e310f0a4dfe27cf94d0e63d623590691b6c5970
 SHA1 (patch-cj) = 78342f649f8e9d3a3b5a4f83e65b6c46f589586b
 SHA1 (patch-ck) = 37bfef80329f8ae0fb35c35e70032a0040ba5591
 SHA1 (patch-kadmin_dbutil_dump.c) = 4b49c116dbed9e6be4a0bf0a731c3ae82808d82e
+SHA1 (patch-kadmin_server_schpw.c) = 87d849b6dcc0ad22f377e18f57d0731e642943bc
 SHA1 (patch-lib_krb5_asn.1_asn1buf.h) = a1e46ca9256aea4facc1d41841b1707b044a69e7
 SHA1 (patch-util_k5ev_verto-k5ev.c) = 79a2be64fa4f9b0dc3a333271e8a3ff7944e5c18
diff --git a/security/mit-krb5/patches/patch-kadmin_server_schpw.c b/security/mit-krb5/patches/patch-kadmin_server_schpw.c
new file mode 100644
index 00000000000..de8180355bb
--- /dev/null
+++ b/security/mit-krb5/patches/patch-kadmin_server_schpw.c
@@ -0,0 +1,53 @@
+$NetBSD: patch-kadmin_server_schpw.c,v 1.1 2013/05/13 22:42:34 tez Exp $
+
+The kpasswd service provided by kadmind was vulnerable to a UDP
+"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless
+they pass some basic validation, and don't respond to our own error
+packets.
+
+Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
+attack or UDP ping-pong attacks in general, but there is discussion
+leading toward narrowing the definition of CVE-1999-0103 to the echo,
+chargen, or other similar built-in inetd services.
+
+from https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
+
+
+--- kadmin/server/schpw.c.orig 2013-05-13 22:31:47.496049500 +0000
++++ kadmin/server/schpw.c
+@@ -52,7 +52,7 @@ process_chpw_request(krb5_context contex
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ numresult = KRB5_KPASSWD_MALFORMED;
+ strlcpy(strresult, "Request was truncated", sizeof(strresult));
+- goto chpwfail;
++ goto bailout;
+ }
+
+ ptr = req->data;
+@@ -67,7 +67,7 @@ process_chpw_request(krb5_context contex
+ numresult = KRB5_KPASSWD_MALFORMED;
+ strlcpy(strresult, "Request length was inconsistent",
+ sizeof(strresult));
+- goto chpwfail;
++ goto bailout;
+ }
+
+ /* verify version number */
+@@ -80,7 +80,7 @@ process_chpw_request(krb5_context contex
+ numresult = KRB5_KPASSWD_BAD_VERSION;
+ snprintf(strresult, sizeof(strresult),
+ "Request contained unknown protocol version number %d", vno);
+- goto chpwfail;
++ goto bailout;
+ }
+
+ /* read, check ap-req length */
+@@ -93,7 +93,7 @@ process_chpw_request(krb5_context contex
+ numresult = KRB5_KPASSWD_MALFORMED;
+ strlcpy(strresult, "Request was truncated in AP-REQ",
+ sizeof(strresult));
+- goto chpwfail;
++ goto bailout;
+ }
+
+ /* verify ap_req */ |
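Review bot: The four early-exit paths in process_chpw_request now jump to `bailout` with no comment saying why no reply is sent, yet each still fills `numresult` and `strresult` just before the jump (first at the "Request was truncated" check, and likewise at the length-inconsistent, protocol-version and AP-REQ-length checks). Assuming `bailout` skips reply construction (the label and the rest of the function lie outside these hunks), those assignments are dead on these paths, and a later maintainer could plausibly "restore" `goto chpwfail` and reopen the reply loop. I would add a comment at each site such as `/* Unvalidated packet: send no reply, so a forged or reflected datagram cannot sustain a UDP ping-pong loop (CVE-2002-2443). */`. Because the drop is now silent, it is also worth confirming that these discards are logged or counted somewhere, so operators can still see a flood of malformed kpasswd datagrams.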