[v3.0] krb5: kadmin NULL pointer dereference issues (CVE-2014-5353, CVE-2014-5354)
CVE-2014-5353:
The krb5_ldap_get_password_policy_from_dn function in
plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka
krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated
users to cause a denial of service (daemon crash) via a successful LDAP
query with no results, as demonstrated by using an incorrect object type
for a password policy.
CVE-2014-5354:
plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka
krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows
remote authenticated users to cause a denial of service (NULL pointer
dereference and daemon crash) by creating a database entry for a keyless
principal, as demonstrated by a kadmin “add_principal -nokey” or
“purgekeys -all” command.
References:
http://seclists.org/oss-sec/2014/q4/1055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5354
CVE-2014-5353:
https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3
CVE-2014-5354:
https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16
(from redmine: issue id 3802, created on 2015-01-27, closed on 2015-12-09)
- Relations:
  - parent #3799 (closed)
- Changesets:
  - Revision f25b0174 by Natanael Copa on 2015-12-09T16:13:35Z:
    main/krb5: upgrade to 1.12.4 and fix CVE-2014-5351, CVE-2015-2698
    fixes #3802
    fixes #4838
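
The failure mode described above for CVE-2014-5353 (a search that succeeds but returns no entries) is shown here as an added C example; it is not the krb5 source or its patch. The types, function names and error code are hypothetical stand-ins for an LDAP client API, and the sample data is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for an LDAP client API; not libldap, not krb5. */
#define SEARCH_OK    0   /* search completed without a protocol error */
#define ERR_NOENTRY -1   /* constructed error code: no matching object */

struct entry  { const char *cn; int min_len; };
struct result { int status; size_t count; const struct entry *entries; };

/* Like a typical "first entry" accessor: NULL when the result set is empty. */
static const struct entry *first_entry(const struct result *res)
{
    return res->count ? &res->entries[0] : NULL;
}

/* Flawed pattern: treats "search succeeded" as "an entry exists". */
int policy_min_len_unchecked(const struct result *res, int *out)
{
    if (res->status != SEARCH_OK)
        return res->status;
    *out = first_entry(res)->min_len;  /* NULL dereference on empty result */
    return 0;
}

/* Hardened pattern: an empty result becomes an error the caller can handle. */
int policy_min_len_checked(const struct result *res, int *out)
{
    const struct entry *ent;

    if (res->status != SEARCH_OK)
        return res->status;
    ent = first_entry(res);
    if (ent == NULL)                   /* success, but zero entries */
        return ERR_NOENTRY;
    *out = ent->min_len;
    return 0;
}

/* Constructed sample data: one matching policy, and an empty success. */
static const struct entry  sample_policy = { "default", 8 };
static const struct result one_hit = { SEARCH_OK, 1, &sample_policy };
static const struct result no_hits = { SEARCH_OK, 0, NULL };

int main(void)
{
    int v = 0;
    printf("one hit: rc=%d\n", policy_min_len_checked(&one_hit, &v));
    printf("no hits: rc=%d\n", policy_min_len_checked(&no_hits, &v));
    return 0;
}
```

Only the checked variant is called in `main`; the unchecked variant is kept for side-by-side reading and would crash the process on `no_hits`, which is the daemon-crash condition the CVE text describes.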