Bugzilla – Bug 952190
VUL-0: CVE-2015-2697: krb5: invalid string processing
Last modified: 2017-05-16 06:41:01 UTC
https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789

In build_principal_va(), use k5memdup0() instead of strdup() to make a copy of the realm, to ensure that we allocate the correct number of bytes and do not read past the end of the input string. This bug affects krb5_build_principal(), krb5_build_principal_va(), and krb5_build_principal_alloc_va(). krb5_build_principal_ext() is not affected.

CVE-2015-2697: In MIT krb5 1.7 and later, an authenticated attacker may be able to cause a KDC to crash using a TGS request with a large realm field beginning with a null byte. If the KDC attempts to find a referral to answer the request, it constructs a principal name for lookup using krb5_build_principal() with the requested realm. Due to a bug in this function, the null byte causes only one byte to be allocated for the realm field of the constructed principal, far less than its length. Subsequent operations on the lookup principal may cause a read beyond the end of the mapped memory region, causing the KDC process to crash.

CVSSv2: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C

SLE: SLE 12 and up.
openSUSE: 13.1, 13.2, Leap 42.1 and Tumbleweed

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2697
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2697.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697
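
The allocation mismatch described in the comment above, as an added example that is not part of the bug report and is not krb5 code. The `counted` struct, `memdup0()` (a hypothetical stand-in for k5memdup0()), the helper names and the realm value are all assumptions made for illustration; the `alloc` field exists only so the demo can compare the allocation against the recorded length without reading out of bounds.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Counted string: `length` is authoritative and `data` may contain NUL
 * bytes. `alloc` (bytes actually allocated) is tracked for this demo only. */
struct counted { size_t length; size_t alloc; char *data; };

/* Hypothetical stand-in for k5memdup0(): copy len bytes, add a terminator. */
static char *memdup0(const void *in, size_t len)
{
    char *p = malloc(len + 1);
    if (p != NULL) {
        memcpy(p, in, len);
        p[len] = '\0';
    }
    return p;
}

/* Pre-fix pattern: strdup() stops at the first NUL, yet len is recorded. */
struct counted copy_with_strdup(const char *realm, size_t len)
{
    struct counted c = { len, strlen(realm) + 1, strdup(realm) };
    return c;
}

/* Post-fix pattern: the allocation always covers the recorded length. */
struct counted copy_with_memdup0(const char *realm, size_t len)
{
    struct counted c = { len, len + 1, memdup0(realm, len) };
    return c;
}

/* Invariant consumers rely on: `length` bytes are readable at `data`. */
int length_is_backed(const struct counted *c)
{
    return c->data != NULL && c->alloc >= c->length;
}

int main(void)
{
    static const char realm[] = "\0EXAMPLE.TEST";  /* constructed input */
    struct counted a = copy_with_strdup(realm, sizeof(realm) - 1);
    struct counted b = copy_with_memdup0(realm, sizeof(realm) - 1);
    printf("strdup ok=%d, memdup0 ok=%d\n", length_is_backed(&a), length_is_backed(&b));
    free(a.data); free(b.data);
    return 0;
}
```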
bugbot adjusting priority
This is an autogenerated message for OBS integration:
This bug (952190) was mentioned in
https://build.opensuse.org/request/show/341522 13.1 / krb5
https://build.opensuse.org/request/show/341525 13.2 / krb5
SUSE-SU-2015:1897-1: An update that solves three vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 948011,952188,952189,952190
CVE References: CVE-2015-2695,CVE-2015-2696,CVE-2015-2697
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): krb5-1.12.1-19.1
SUSE Linux Enterprise Server 12 (src): krb5-1.12.1-19.1
SUSE Linux Enterprise Desktop 12 (src): krb5-1.12.1-19.1
openSUSE-SU-2015:1928-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 952188,952189,952190
CVE References: CVE-2015-2695,CVE-2015-2696,CVE-2015-2697
Sources used:
openSUSE 13.2 (src): krb5-1.12.2-15.1, krb5-mini-1.12.2-15.1
openSUSE 13.1 (src): krb5-1.11.3-3.21.1, krb5-mini-1.11.3-3.21.1
openSUSE-SU-2015:1997-1: An update that solves three vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 948011,952188,952189,952190
CVE References: CVE-2015-2695,CVE-2015-2696,CVE-2015-2697
Sources used:
openSUSE Leap 42.1 (src): krb5-1.12.1-21.1, krb5-mini-1.12.1-21.1
The update has been released, thus closing the bug report.