[krb5/f19] * Tue Sep 30 2014 Roland Mainz <rmainz at redhat.com> - 1.11.3-29 - fix for CVE-2014-5351 (#1145425) "k

Roland Mainz gisburn at fedoraproject.org
Tue Sep 30 23:32:42 UTC 2014 

commit 798947e47e947ecd25fe34cb91dd2ebe6ce0dbf8
Author: Roland Mainz <rmainz at redhat.com>
Date:   Wed Oct 1 01:07:05 2014 +0200

    * Tue Sep 30 2014 Roland Mainz <rmainz at redhat.com> - 1.11.3-29
    - fix for CVE-2014-5351 (#1145425) "krb5: current keys returned when
      randomizing the keys for a service principal"

 krb5-11.1_CVE-2014-5351_001.patch |   86 +++++++++++++++++++++++++++++++++++++
 krb5.spec                         |   10 ++++-
 2 files changed, 95 insertions(+), 1 deletions(-)
---
diff --git a/krb5-11.1_CVE-2014-5351_001.patch b/krb5-11.1_CVE-2014-5351_001.patch
new file mode 100644
index 0000000..793c93c
--- /dev/null
+++ b/krb5-11.1_CVE-2014-5351_001.patch
@@ -0,0 +1,86 @@
+From 3bf9e33f9d66c0eef486cbd83f9e4f13a74d12c3 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson at mit.edu>
+Date: Thu, 21 Aug 2014 13:52:07 -0400
+Subject: [PATCH] Return only new keys in randkey [CVE-2014-5351]
+
+In kadmind's randkey operation, if a client specifies the keepold
+flag, do not include the preserved old keys in the response.
+
+CVE-2014-5351:
+
+An authenticated remote attacker can retrieve the current keys for a
+service principal when generating a new set of keys for that
+principal.  The attacker needs to be authenticated as a user who has
+the elevated privilege for randomizing the keys of other principals.
+
+Normally, when a Kerberos administrator randomizes the keys of a
+service principal, kadmind returns only the new keys.  This prevents
+an administrator who lacks legitimate privileged access to a service
+from forging tickets to authenticate to that service.  If the
+"keepold" flag to the kadmin randkey RPC operation is true, kadmind
+retains the old keys in the KDC database as intended, but also
+unexpectedly returns the old keys to the client, which exposes the
+service to ticket forgery attacks from the administrator.
+
+A mitigating factor is that legitimate clients of the affected service
+will start failing to authenticate to the service once they begin to
+receive service tickets encrypted in the new keys.  The affected
+service will be unable to decrypt the newly issued tickets, possibly
+alerting the legitimate administrator of the affected service.
+
+CVSSv2: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C
+
+[tlyu at mit.edu: CVE description and CVSS score]
+
+(cherry picked from commit af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca)
+
+ticket: 8018
+version_fixed: 1.13
+status: resolved
+---
+diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
+index ae36841..dc8393f 100644
+--- a/src/lib/kadm5/srv/svr_principal.c
++++ b/src/lib/kadm5/srv/svr_principal.c
+@@ -331,6 +331,20 @@ check_1_6_dummy(kadm5_principal_ent_t entry, long mask,
+     *passptr = NULL;
+ }
+ 
++/* Return the number of keys with the newest kvno.  Assumes that all key data
++ * with the newest kvno are at the front of the key data array. */
++static int
++count_new_keys(int n_key_data, krb5_key_data *key_data)
++{
++    int n;
++
++    for (n = 1; n < n_key_data; n++) {
++        if (key_data[n - 1].key_data_kvno != key_data[n].key_data_kvno)
++            return n;
++    }
++    return n_key_data;
++}
++
+ kadm5_ret_t
+ kadm5_create_principal(void *server_handle,
+                        kadm5_principal_ent_t entry, long mask,
+@@ -1693,7 +1707,7 @@ kadm5_randkey_principal_3(void *server_handle,
+     osa_princ_ent_rec           adb;
+     krb5_int32                  now;
+     kadm5_policy_ent_rec        pol;
+-    int                         ret, last_pwd, have_pol = 0;
++    int                         ret, last_pwd, n_new_keys, have_pol = 0;
+     kadm5_server_handle_t       handle = server_handle;
+     krb5_keyblock               *act_mkey;
+     int                         new_n_ks_tuple = 0;
+@@ -1781,8 +1795,9 @@ kadm5_randkey_principal_3(void *server_handle,
+     kdb->fail_auth_count = 0;
+ 
+     if (keyblocks) {
+-        ret = decrypt_key_data(handle->context,
+-                               kdb->n_key_data, kdb->key_data,
++        /* Return only the new keys added by krb5_dbe_crk. */
++        n_new_keys = count_new_keys(kdb->n_key_data, kdb->key_data);
++        ret = decrypt_key_data(handle->context, n_new_keys, kdb->key_data,
+                                keyblocks, n_keys);
+         if (ret)
+             goto done;
diff --git a/krb5.spec b/krb5.spec
index 813917d..0fcbd30 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -32,7 +32,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.11.3
-Release: 28%{?dist}
+Release: 29%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -147,6 +147,8 @@ Patch306: 0006-Use-more-randomness-for-ksu-secondary-cache-names.patch
 Patch307: 0007-Make-krb5_cc_new_unique-create-DIR-directories.patch
 Patch308: krb5-1.11-base64-exports.patch
 
+Patch309: krb5-11.1_CVE-2014-5351_001.patch
+
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
 Group: System Environment/Libraries
@@ -351,6 +353,8 @@ ln -s NOTICE LICENSE
 %patch307 -p1 -b .Make-krb5_cc_new_unique-create-DIR-directories
 %patch308 -p1 -b .base64-exports
 
+%patch309 -p1
+
 %patch60 -p1 -b .pam
 
 %patch63 -p1 -b .selinux-label
@@ -1011,6 +1015,10 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Tue Sep 30 2014 Roland Mainz <rmainz at redhat.com> - 1.11.3-29
+- fix for CVE-2014-5351 (#1145425) "krb5: current keys returned when
+  randomizing the keys for a service principal"
+
 * Sat Sep  6 2014 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-28
 - replace older proposed changes for ksu with backports of the changes
   after review and merging upstream (#1015559, #1026099, #1118347)

More information about the scm-commits mailing list