Bug 86768 (CVE-2005-1689)

Summary: VUL-0: CVE-2005-1689: krb5 double free() (CAN-2005-1689, MITKRB5-SA-2005-003)
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Biege <thomas>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: mc, patch-request, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: All
Whiteboard: CVE-2005-1689: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: Patch for this security Bug
patchinfo-box.krb5

Description Thomas Biege 2005-06-02 09:13:46 UTC
To: cert@cert.org, vendor-sec@lst.de
From: Tom Yu <tlyu@MIT.EDU>
Old-Content-Type: text/plain; charset=us-ascii
Subject: [vendor-sec] confidential - pending security advisory MITKRB5-SA-2005-003
Errors-To: vendor-sec-admin@lst.de
Date: Wed, 01 Jun 2005 15:31:47 -0400

[-- PGP Ausgabe folgt (aktuelle Zeit: Do 02 Jun 2005 11:02:44 CEST) --]
gpg: Unterschrift vom Mi 01 Jun 2005 21:31:50 CEST, DSA Schlüssel ID 2E2F668E
gpg: Unterschrift kann nicht geprüft werden: Öffentlicher Schlüssel nicht gefunden

[-- Ende der PGP-Ausgabe --]

[-- BEGIN PGP SIGNED MESSAGE --]

The MIT Kerberos Development Team is aware of the following
vulnerability in the MIT krb5 software.  Please do not publicly
disseminate this information prior to our public disclosure.

Our current target date for public disclosure is 12 July 2005.
Vendors should contact tlyu@mit.edu via PGP-encrypted email for
details and patches.  Some vendors already known to the MIT Kerberos
Development Team have been notified previously.  This is a separate
vulnerability from those described in MITKRB5-SA-2005-002.

Please let me know if you have any concerns about the release date.

Advisory MITKRB5-SA-2005-003 concerns the following vulnerability:

CAN-2005-1689: Unauthenticated attacker can cause krb5_recvauth()
function to free a block of memory twice, possibly leading to
arbitrary code execution.

This vulnerability is classified as CRITICAL due to the potential to
compromise a KDC host.

[-- END PGP SIGNED MESSAGE --]
Comment 1 Thomas Biege 2005-06-02 09:14:51 UTC
Michael,
would you like to contact them and ask for the patches? Thanks.
Comment 2 Michael Calmer 2005-06-02 14:30:22 UTC
The mail is out. 
Comment 3 Michael Calmer 2005-06-03 08:10:15 UTC
Created attachment 38580
Patch for this security Bug
Comment 4 Michael Calmer 2005-06-03 08:11:06 UTC
I got the patch from Tom Yu. It is attached. 
Comment 5 Thomas Biege 2005-06-03 08:18:04 UTC
Great.

I'll prepare the pinfo files and create a swamp id.
Comment 6 Michael Calmer 2005-06-03 08:29:48 UTC
> public disclosure is 12 July 2005 
 
The other security bug (Bug #80574) has a disclosure date of 5 July.

What do you think? Do we have to make two security updates, or is one enough?
Comment 7 Thomas Biege 2005-06-03 08:33:45 UTC
Let's just make one release.
Comment 8 Thomas Biege 2005-06-03 08:42:46 UTC
 SM-Tracker-1455
Comment 9 Thomas Biege 2005-06-03 08:54:38 UTC
Created attachment 38582
patchinfo-box.krb5
Comment 10 Thomas Biege 2005-06-07 09:08:42 UTC
VU#623332
Comment 11 Michael Calmer 2005-06-28 10:16:35 UTC
Package is submitted 
Comment 12 Ludwig Nussel 2005-07-13 07:33:13 UTC
updates released  
Comment 13 Thomas Biege 2009-10-13 21:25:44 UTC
CVE-2005-1689: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)