SecurityTracker.com
Category:  Application (Security)  >  Kerberos
Vendors:  MIT
(Fedora Issues Fix for FC1) Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service
SecurityTracker Alert ID:  1011121
SecurityTracker URL:  http://securitytracker.com/id?1011121
CVE Reference:  CAN-2004-0644
Date:  Sep 1 2004
Impact:  Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 1.3.4-5
Description:  A denial of service vulnerability was reported in Kerberos 5 in the ASN.1 decoder library. A remote user can cause a Key Distribution Center (KDC) or an application server to enter an infinite loop.

The vendor reported that if an ASN.1 SEQUENCE type is encoded with an indefinite length, the asn1buf_sync() function attempts to skip any trailing unrecognized fields by calling the asn1buf_skiptail() function. The asn1buf_skiptail() function does not properly handle certain error conditions and may enter an infinite loop.

The vendor credits Will Fiveash and Nico Williams at Sun with discovering this vulnerability.
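
The failure mode described above, shown from the defensive side as an added example (not MIT's or Fedora's code): a BER routine that skips the trailing fields of an indefinite-length SEQUENCE, where every parse error returns immediately and every pass consumes input, so malformed data cannot stall it. The names skip_tail, ber_header, SKIP_* and MAX_NESTING are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

enum { SKIP_MALFORMED = -1, SKIP_TOO_DEEP = -2, MAX_NESTING = 32 };
/* Parse one BER header in p[0..n). Returns its size in bytes, or 0 on any error. */
static size_t ber_header(const uint8_t *p, size_t n, size_t *len, int *indef)
{
    size_t i = 1, k;
    *len = 0; *indef = 0;
    if (n < 2) return 0;
    if ((p[0] & 0x1f) == 0x1f)                  /* high-tag-number form */
        do { if (i >= n) return 0; } while (p[i++] & 0x80);
    if (i >= n) return 0;                       /* no length octet left */
    k = p[i++];
    if (k == 0x80) { *indef = 1; return i; }    /* indefinite length */
    if (k < 0x80) { *len = k; return i; }       /* short definite form */
    k &= 0x7f;                                  /* long form: k length octets */
    if (k > sizeof(size_t) || k > n - i) return 0;
    while (k--) *len = (*len << 8) | p[i++];
    return i;
}

/* Skip unrecognized trailing elements of an indefinite-length SEQUENCE, through
 * its end-of-contents octets (00 00). Returns bytes consumed or a SKIP_* error. */
long skip_tail(const uint8_t *p, size_t n)
{
    size_t off = 0, len, hdr;
    int depth = 1, indef;                       /* depth 1 = the enclosing SEQUENCE */
    while (depth > 0) {
        const uint8_t *e = p + off;
        hdr = ber_header(e, n - off, &len, &indef);
        if (hdr == 0) return SKIP_MALFORMED;    /* an error ends the loop, never a retry */
        off += hdr;                             /* hdr >= 2: every pass makes progress */
        if (hdr == 2 && e[0] == 0 && e[1] == 0) { depth--; continue; }  /* EOC */
        if (indef) {
            if (!(e[0] & 0x20)) return SKIP_MALFORMED;  /* must be constructed */
            if (++depth > MAX_NESTING) return SKIP_TOO_DEEP;
        } else {
            if (len > n - off) return SKIP_MALFORMED;   /* claims more than remains */
            off += len;
        }
    }
    return (long)off;
}

int main(void)
{
    const uint8_t tail[] = { 0x04, 0x02, 0xAA, 0xBB, 0x00, 0x00 };  /* constructed sample */
    return skip_tail(tail, sizeof tail) == 6 ? 0 : 1;
}
```

Termination follows from two properties: the offset strictly increases on every pass and never exceeds the buffer length, and a failed header parse is returned to the caller instead of being retried at the same offset.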

Impact:  A remote user can cause the KDC or application server to enter an infinite loop.
Solution:  Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

Vendor URL:  web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-003-asn1.txt
Cause:  State error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC1
Reported By:  Nalin Dahyabhai <nalin@redhat.com>
Message History:   This archive entry is a follow-up to the message listed below.
Aug 31 2004 Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service



 Source Message Contents

Date:  Tue, 31 Aug 2004 14:24:47 -0400
From:  Nalin Dahyabhai <nalin@redhat.com>
Subject:  [SECURITY] Fedora Core 1 Update: krb5-1.3.4-5

 


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-276
2004-08-31
---------------------------------------------------------------------

Product     : Fedora Core 1
Name        : krb5
Version     : 1.3.4
Release     : 5
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

---------------------------------------------------------------------
Update Information:

Kerberos is a networked authentication system which uses a trusted
third party (a KDC) to authenticate clients and servers to each
other.

Several double-free bugs were found in the Kerberos 5 KDC and
libraries. A remote attacker could potentially exploit these flaws to
execute arbitrary code. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the names CAN-2004-0642 and
CAN-2004-0643 to these issues.

A double-free bug was also found in the krb524 server
(CAN-2004-0772); however, this issue does not affect Fedora Core.

An infinite loop bug was found in the Kerberos 5 ASN.1 decoder
library. A remote attacker may be able to trigger this flaw and cause
a denial of service. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0644 to this issue.

---------------------------------------------------------------------
* Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-5

- incorporate revised fixes from Tom Yu for CAN-2004-0642, CAN-2004-0644,
  CAN-2004-0772

* Mon Aug 23 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-4

- rebuild

* Mon Aug 23 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-3

- incorporate fixes from Tom Yu for CAN-2004-0642, CAN-2004-0772
  (MITKRB5-SA-2004-002, #130732)
- incorporate fixes from Tom Yu for CAN-2004-0644 (MITKRB5-SA-2004-003, #130732)

* Tue Jul 27 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-2

- fix indexing error in server sorting patch (#127336)

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Mon Jun 14 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-0.1

- update to 1.3.4 final

* Mon Jun 07 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-0

- update to 1.3.4 beta1
- remove MITKRB5-SA-2004-001, included in 1.3.4

* Mon Jun 07 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.3-8

- rebuild

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------


Copyright 2004, SecurityGlobal.net LLC