From f3624b635188d30b964bb2e3b9bee2f5eeeef7b0 Mon Sep 17 00:00:00 2001
From: salo
Date: Wed, 17 Jan 2007 23:43:47 +0000
Subject: Security fix for CVE-2006-6143: "An unauthenticated user may cause execution of arbitrary code in kadmind, which can compromise the Kerberos key database and host security. (kadmind usually runs as root.) Unsuccessful exploitation, or even accidental replication of the required conditions by non-malicious users, can result in kadmind crashing." http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143 Patch from MIT.
---
 security/mit-krb5/Makefile | 4 ++--
 security/mit-krb5/distinfo | 3 ++-
 security/mit-krb5/patches/patch-at | 25 +++++++++++++++++++++++++
 3 files changed, 29 insertions(+), 3 deletions(-)
 create mode 100644 security/mit-krb5/patches/patch-at
(limited to 'security/mit-krb5')
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index 58df00cbf35..a2a056fb002 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.38 2006/08/09 17:31:10 salo Exp $
+# $NetBSD: Makefile,v 1.39 2007/01/17 23:43:47 salo Exp $
 
 DISTNAME= krb5-1.4.2
 PKGNAME= mit-${DISTNAME:S/-signed$//}
-PKGREVISION= 3
+PKGREVISION= 4
 CATEGORIES= security
 MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/
 DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX}
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index 8bac9094368..d747fcd8cac 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2006/08/09 17:31:10 salo Exp $
+$NetBSD: distinfo,v 1.16 2007/01/17 23:43:47 salo Exp $
 
 SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
 RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -21,3 +21,4 @@ SHA1 (patch-ap) = c77a8f7bc35aa184e510bac576c12f55d5cfbf65
 SHA1 (patch-aq) = 52429b712ca7a478caeb76fd165585c7aab7fa02
 SHA1 (patch-ar) = 37807c14f03533aef8796ac90e5fac36ff98308a
 SHA1 (patch-as) = b155219fd512b59f698497af1bf6acf1ca4f4a34
+SHA1 (patch-at) = df0605b0f5fbaef6b7540f87079ae64b2acc464c
diff --git a/security/mit-krb5/patches/patch-at b/security/mit-krb5/patches/patch-at
new file mode 100644
index 00000000000..02e741fbcc8
--- /dev/null
+++ b/security/mit-krb5/patches/patch-at
@@ -0,0 +1,25 @@
+$NetBSD: patch-at,v 1.1 2007/01/17 23:43:47 salo Exp $
+
+Security fix for CVE-2006-6143.
+
+--- lib/rpc/svc.c.orig 2004-09-21 20:20:15.000000000 +0200
++++ lib/rpc/svc.c 2007-01-17 21:58:10.000000000 +0100
+@@ -436,6 +436,8 @@ svc_getreqset(FDSET_TYPE *readfds)
+ #endif
+ }
+ 
++extern struct svc_auth_ops svc_auth_gss_ops;
++
+ static void
+ svc_do_xprt(SVCXPRT *xprt)
+ {
+@@ -517,6 +519,9 @@ svc_do_xprt(SVCXPRT *xprt)
+ if ((stat = SVC_STAT(xprt)) == XPRT_DIED){
+ SVC_DESTROY(xprt);
+ break;
++ } else if ((xprt->xp_auth != NULL) &&
++ (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) {
++ xprt->xp_auth = NULL;
+ }
+ } while (stat == XPRT_MOREREQS);
+ 
-- cgit v1.2.3
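Review bot: The added `else if` branch in svc_do_xprt clears `xprt->xp_auth` for every handle whose `svc_ah_ops` is not `&svc_auth_gss_ops`, yet neither the embedded patch nor patch-at's header says why that pointer must not outlive the request, so the invariant lives only in the linked advisory. I would add a comment above the branch, for example `/* CVE-2006-6143: only GSS auth handles may persist on the transport; clear any other xp_auth before the next request. */`, with the wording checked against the advisory since the code that later consumes xp_auth is not visible here. The file-scope `extern struct svc_auth_ops svc_auth_gss_ops;` in svc.c also sidesteps header type checking, so a declaration in the header that defines `struct svc_auth_ops` would be the safer home if upstream allows it. svc_do_xprt's body starts and ends outside the hunk.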