From 635b532cd2987f13c5a08db090d8a1c44650b1f3 Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Wed, 22 May 2013 07:31:34 +0000
Subject: main/krb5: security fix (CVE-2002-2443) ref ##1927
---
 main/krb5/APKBUILD | 4 +++
 main/krb5/CVE-2002-2443.patch | 69 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 73 insertions(+)
 create mode 100644 main/krb5/CVE-2002-2443.patch
(limited to 'main/krb5')
diff --git a/main/krb5/APKBUILD b/main/krb5/APKBUILD
index 43479b9ab1..766214eb83 100644
--- a/main/krb5/APKBUILD
+++ b/main/krb5/APKBUILD
@@ -16,6 +16,7 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-server
 source="http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-$pkgver-signed.tar
 mit-krb5-1.11_uninitialized.patch
 mit-krb5_krb5-config_LDFLAGS.patch
+ CVE-2002-2443.patch
 krb5kadmind.initd
 krb5kdc.initd
 krb5kpropd.initd
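Review bot: `pkgrel` is not bumped in this commit: the diffstat shows only four insertions in APKBUILD, which are the new `source` entry and its three checksums. Without a release bump, systems that already have this `pkgver` build installed would presumably not be offered the rebuilt package, so the CVE-2002-2443 fix may not reach them on upgrade. Consider incrementing `pkgrel` in the same commit unless that is handled separately. The `source=` assignment begins inside the hunk, but its closing quote and whatever step applies the listed patches are outside it, so confirm that the new file is actually applied during the build.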
@@ -113,18 +114,21 @@ libs() {
 md5sums="d7a63c9c68b65efa71a615c67b6edf70 krb5-1.11.2-signed.tar
 597cd7ab74a8113b86e3405c15ccfecb mit-krb5-1.11_uninitialized.patch
 656e242de9b5ada1edf398983db51eef mit-krb5_krb5-config_LDFLAGS.patch
+0cdce7c384974b916f00e3e9932df488 CVE-2002-2443.patch
 29906e70e15025dda8b315d8209cab4c krb5kadmind.initd
 47efe7f24c98316d38ea46ad629b3517 krb5kdc.initd
 3e0b8313c1e5bfb7625f35e76a5e53f1 krb5kpropd.initd"
 sha256sums="f0373295fb320b9702468eb0df33397e7278326ec1681a8c6037cc53cb0120a5 krb5-1.11.2-signed.tar
 81a0d432b6d1686587b25b6ce70f0b8558e0c693da4c63b9de881962ae01c043 mit-krb5-1.11_uninitialized.patch
 9ebfc38cc167bbf451105807512845cd961f839d64b7e2904a6c4e722e41fe2b mit-krb5_krb5-config_LDFLAGS.patch
+1e2b53152faa9309d4dbfa0126d4e041d3c5a4519b91487aa20d019b9c00af9b CVE-2002-2443.patch
 c7a1ec03472996daaaaf1a4703566113c80f72ee8605d247098a25a13dad1f5f krb5kadmind.initd
 709309dea043aa306c2fcf0960e0993a6db540c220de64cf92d6b85f1cca23c5 krb5kdc.initd
 86b15d691e32b331ac756ee368b7364de6ab238dcae5adfed2a00b57d1b64ef4 krb5kpropd.initd"
 sha512sums="2db58530a98c4bdf9c6f797f3fb2881a3bdeda680804309f1f40e877a5a1c6e589021e1e0521b5a258626e5d04105ad0c01575b2104313b4b9592ee1ae8b8006 krb5-1.11.2-signed.tar
 4d2ea5189971df13bf874d29bcf89fa3bfeb1d25b3bd9245ee7c88f5c4834e950c5978ce13df3b8fc05f98dd7d5510dad43af0440436958fa23f9e1a51f60f76 mit-krb5-1.11_uninitialized.patch
 8118518e359cb5e69e3321b7438b200d5d74ceeac16b4623bf4e4bfb4ead6c656de6fa153f9bcc454097b45a512bc8cd0798b1f062a2c4a09f75253b204a7a17 mit-krb5_krb5-config_LDFLAGS.patch
+4f578a1c52de1cf2483aac4798eb577add8149daec9cb34c8cb1c2aeec8f78c8422f24c0a6844c8cc57d3eeea673d5f71fdb4369b11d3c682cf608270be07808 CVE-2002-2443.patch
 561af06b4e0f0e130dda345ad934bcdb9984ec00cc38d871df1d3bb3f9e1c7d86f06db5b03229707c88b96ad324e3a2222420f8494aa431002cacea0246b1153 krb5kadmind.initd
 d6d0076886ce284fc395fafc2dc253b4b3ee97b2986dea51388d96a1e1294680fb171f475efc7844559e2c6aac44b26678a9255921db9a58dcf2e7164f0aeec5 krb5kdc.initd
 f97d33fa977c132a470d95fd539d8e8db018e03f28dbc9d3e04faf78ebb7392196e7d5135f138c2390979bf37b3ae0265e6827f0c17b44b277eb2dfff0a96f77 krb5kpropd.initd"
diff --git a/main/krb5/CVE-2002-2443.patch b/main/krb5/CVE-2002-2443.patch
new file mode 100644
index 0000000000..3ef88155c5
--- /dev/null
+++ b/main/krb5/CVE-2002-2443.patch
@@ -0,0 +1,69 @@
+From cf1a0c411b2668c57c41e9c4efd15ba17b6b322c Mon Sep 17 00:00:00 2001
+From: Tom Yu
+Date: Fri, 3 May 2013 16:26:46 -0400
+Subject: [PATCH] Fix kpasswd UDP ping-pong [CVE-2002-2443]
+
+The kpasswd service provided by kadmind was vulnerable to a UDP
+"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless
+they pass some basic validation, and don't respond to our own error
+packets.
+
+Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
+attack or UDP ping-pong attacks in general, but there is discussion
+leading toward narrowing the definition of CVE-1999-0103 to the echo,
+chargen, or other similar built-in inetd services.
+
+Thanks to Vincent Danen for alerting us to this issue.
+
+CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C
+
+ticket: 7637 (new)
+target_version: 1.11.3
+tags: pullup
+---
+ src/kadmin/server/schpw.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
+index 15b0ab5..7f455d8 100644
+--- a/src/kadmin/server/schpw.c
++++ b/src/kadmin/server/schpw.c
+@@ -52,7 +52,7 @@
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ numresult = KRB5_KPASSWD_MALFORMED;
+ strlcpy(strresult, "Request was truncated", sizeof(strresult));
+- goto chpwfail;
++ goto bailout;
+ }
+
+ ptr = req->data;
+@@ -67,7 +67,7 @@
+ numresult = KRB5_KPASSWD_MALFORMED;
+ strlcpy(strresult, "Request length was inconsistent",
+ sizeof(strresult));
+- goto chpwfail;
++ goto bailout;
+ }
+
+ /* verify version number */
+@@ -80,7 +80,7 @@
+ numresult = KRB5_KPASSWD_BAD_VERSION;
+ snprintf(strresult, sizeof(strresult),
+ "Request contained unknown protocol version number %d", vno);
+- goto chpwfail;
++ goto bailout;
+ }
+
+ /* read, check ap-req length */
+@@ -93,7 +93,7 @@
+ numresult = KRB5_KPASSWD_MALFORMED;
+ strlcpy(strresult, "Request was truncated in AP-REQ",
+ sizeof(strresult));
+- goto chpwfail;
++ goto bailout;
+ }
+
+ /* verify ap_req */
+--
+1.8.1.6
+
-- cgit
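Review bot: The four `goto bailout` sites in the embedded schpw.c patch carry no comment saying the reply is suppressed on purpose, while `numresult` and `strresult` are still filled in just before each jump. Both labels and the rest of the function are outside the hunks, so I am assuming from the commit message that `bailout` skips the reply that `chpwfail` builds. A short comment at each site, such as `/* No reply: answering unvalidated UDP input enables the ping-pong loop (CVE-2002-2443) */`, would keep a later cleanup from routing these paths back to `chpwfail`. Because malformed requests are now dropped without an answer, it is worth confirming that this path still leaves a log entry or counter so that a burst of such packets is visible to operators. The patch header says `target_version: 1.11.3`, so this file should be dropped from `source` once the package moves to that release.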
v1.2.3