Closed
Opened Aug 21, 2018 by Alicha CH (@alicha), Reporter

[3.7] krb5: Multiple vulnerabilities (CVE-2017-15088, CVE-2018-5709, CVE-2018-5710)

CVE-2017-15088: Buffer overflow in get_matching_data()

plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name
(DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application
crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-15088
https://github.com/krb5/krb5/pull/707

Patch:

https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4

CVE-2018-5709: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable “dbentry->n_key_data” in kadmin/dbutil/dump.c
that can store 16-bit data but unknowingly the developer has assigned a “u4” variable to it, which is for 32-bit data. An attacker can use this
vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-5709
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities

CVE-2018-5710: null pointer dereference in strlen function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function “strlen” is getting a “NULL” string as a parameter
value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users
to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

References:

https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service%28DoS%29
https://nvd.nist.gov/vuln/detail/CVE-2018-5710

(from redmine: issue id 9302, created on 2018-08-21, closed on 2019-05-04)

  • Relations:
    • copied_to #9299
    • parent #9299
  • Changesets:
    • Revision 896ae53d by Natanael Copa on 2018-08-21T14:37:39Z:
main/krb5: security upgrade to 1.15.3 (CVE-2017-15088,CVE-2018-5709,CVE-2018-5710)

fixes #9302
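
An added illustration of the CVE-2018-5709 description above (not code from krb5 or from this issue): a count parsed as a 32-bit "u4" value is stored in a 16-bit field without a range check, next to a variant that rejects values that do not fit. The struct, the function names, the signedness of the field and the sample inputs are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a database entry; only the 16-bit count matters.
 * The field is assumed to be signed 16-bit for this example. */
struct entry {
    int16_t n_key_data;
};

/* Unchecked: parse a 32-bit value ("u4") and store it in the 16-bit field. */
int load_count_unchecked(const char *field, struct entry *e)
{
    uint32_t u4 = (uint32_t)strtoul(field, NULL, 10);
    e->n_key_data = (int16_t)u4;   /* keeps only the low 16 bits on common ABIs */
    return 0;
}

/* Checked: reject anything that does not fit the destination field. */
int load_count_checked(const char *field, struct entry *e)
{
    char *end;
    unsigned long v;

    errno = 0;
    v = strtoul(field, &end, 10);
    if (errno != 0 || end == field || *end != '\0' || v > INT16_MAX)
        return -1;                 /* empty, trailing junk, or out of range */
    e->n_key_data = (int16_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample count fields, not taken from a real dump file. */
    const char *samples[] = { "2", "32767", "65537", "70000" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        struct entry a = { 0 }, b = { 0 };
        load_count_unchecked(samples[i], &a);
        int rc = load_count_checked(samples[i], &b);
        printf("%-6s unchecked=%d checked=%s\n", samples[i], a.n_key_data,
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

With the unchecked version a count of 65537 is stored as 1, so the entry no longer matches the data that follows it; the checked version refuses the record instead.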
Milestone: 3.7.1 (Past due)
Labels: Normal, type:bug
Reference: alpine/aports#9302