diff options
| -rw-r--r-- | security/krb5-111/Makefile | 7 | ||||
| -rw-r--r-- | security/krb5-111/distinfo | 4 | ||||
| -rw-r--r-- | security/krb5-111/files/patch-lib-apputils-net-server.c | 19 | ||||
| -rw-r--r-- | security/krb5-111/files/patch-plugins__kdb__ldap__libkdb_ldap__ldap_pwd_policy.c | 66 |
4 files changed, 9 insertions, 87 deletions
diff --git a/security/krb5-111/Makefile b/security/krb5-111/Makefile index 9582d2a5082c..db48e4eaa77b 100644 --- a/security/krb5-111/Makefile +++ b/security/krb5-111/Makefile @@ -2,17 +2,18 @@ # $FreeBSD$ PORTNAME= krb5 -PORTVERSION= 1.11.5 -PORTREVISION= 6 +PORTVERSION= 1.11.6 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ PKGNAMESUFFIX= -111 DISTNAME= krb5-${PORTVERSION}-signed EXTRACT_SUFX= .tar +DEPRECATED= EOLed by MIT in December 2014. +EXPIRATION_DATE= 2015-08-31 + PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 -PATCHFILES= 2015-001-patch-r111.txt MAINTAINER= cy@FreeBSD.org COMMENT= Authentication system developed at MIT, successor to Kerberos IV diff --git a/security/krb5-111/distinfo b/security/krb5-111/distinfo index 511ee30cb625..d4b7e9011ab2 100644 --- a/security/krb5-111/distinfo +++ b/security/krb5-111/distinfo @@ -1,4 +1,4 @@ -SHA256 (krb5-1.11.5-signed.tar) = d3cee29a50b510526fa692c7c23832df60d4d1cfa66de21e288a897bed6b98c2 -SIZE (krb5-1.11.5-signed.tar) = 11714560 +SHA256 (krb5-1.11.6-signed.tar) = 8f2e879fe5d8f1d8bb1c740a3778cd910af423649e527eb230dbac42b510e743 +SIZE (krb5-1.11.6-signed.tar) = 11755520 SHA256 (2015-001-patch-r111.txt) = d7e1ac2abf76e546680d2789d11aaafe3119a13bbdcd1008b742efea016816e2 SIZE (2015-001-patch-r111.txt) = 12128 diff --git a/security/krb5-111/files/patch-lib-apputils-net-server.c b/security/krb5-111/files/patch-lib-apputils-net-server.c index 01d029809636..ccb8e772f56e 100644 --- a/security/krb5-111/files/patch-lib-apputils-net-server.c +++ b/security/krb5-111/files/patch-lib-apputils-net-server.c @@ -1,6 +1,6 @@ ---- ./lib/apputils/net-server.c.orig 2014-04-17 08:07:05.144912855 +0000 -+++ ./lib/apputils/net-server.c 2014-04-17 08:07:59.603908167 +0000 -@@ -992,8 +992,12 @@ +--- ./lib/apputils/net-server.c.orig 2015-02-24 14:19:36.000000000 -0800 ++++ ./lib/apputils/net-server.c 2015-02-25 16:57:05.339001826 -0800 +@@ -1038,8 +1038,12 @@ case RTM_NEWADDR: return "RTM_NEWADDR"; case RTM_DELADDR: return "RTM_DELADDR"; case RTM_IFINFO: return "RTM_IFINFO"; @@ -13,16 +13,3 @@ case RTM_RESOLVE: return "RTM_RESOLVE"; #ifdef RTM_NEWMADDR case RTM_NEWMADDR: return "RTM_NEWMADDR"; -@@ -1026,8 +1030,12 @@ - case RTM_NEWADDR: - case RTM_DELADDR: - case RTM_IFINFO: -+#ifdef RTM_OLDADD - case RTM_OLDADD: -+#endif -+#ifdef RTM_OLDDEL - case RTM_OLDDEL: -+#endif - /* - * Some flags indicate routing table updates that don't - * indicate local address changes. They may come from diff --git a/security/krb5-111/files/patch-plugins__kdb__ldap__libkdb_ldap__ldap_pwd_policy.c b/security/krb5-111/files/patch-plugins__kdb__ldap__libkdb_ldap__ldap_pwd_policy.c deleted file mode 100644 index 1aec3ef196c7..000000000000 --- a/security/krb5-111/files/patch-plugins__kdb__ldap__libkdb_ldap__ldap_pwd_policy.c +++ /dev/null @@ -1,66 +0,0 @@ -From 5fbb56c4624df9e6b0d0a80f46e5ad37eb79c6c0 Mon Sep 17 00:00:00 2001 -From: Greg Hudson <ghudson@mit.edu> -Date: Fri, 5 Dec 2014 14:01:39 -0500 -Subject: [PATCH] Fix LDAP misused policy name crash [CVE-2014-5353] - -In krb5_ldap_get_password_policy_from_dn, if LDAP_SEARCH returns -successfully with no results, return KRB5_KDB_NOENTRY instead of -returning success with a zeroed-out policy object. This fixes a null -dereference when an admin attempts to use an LDAP ticket policy name -as a password policy name. - -CVE-2014-5353: - -In MIT krb5, when kadmind is configured to use LDAP for the KDC -database, an authenticated remote attacker can cause a NULL dereference -by attempting to use a named ticket policy object as a password policy -for a principal. The attacker needs to be authenticated as a user who -has the elevated privilege for setting password policy by adding or -modifying principals. - -Queries to LDAP scoped to the krbPwdPolicy object class will correctly -not return entries of other classes, such as ticket policy objects, but -may return success with no returned elements if an object with the -requested DN exists in a different object class. In this case, the -routine to retrieve a password policy returned success with a password -policy object that consisted entirely of zeroed memory. In particular, -accesses to the policy name will dereference a NULL pointer. KDC -operation does not access the policy name field, but most kadmin -operations involving the principal with incorrect password policy -will trigger the crash. - -Thanks to Patrik Kis for reporting this problem. - -CVSSv2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C/E:H/RL:OF/RC:C - -[kaduk@mit.edu: CVE description and CVSS score] - -(cherry picked from commit d1f707024f1d0af6e54a18885322d70fa15ec4d3) -(cherry picked from commit 0a97ce4411b34e871ae503b78eedf61db27180ea) - -ticket: 8142 (new) -version_fixed: 1.11.6 -status: resolved ---- - src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c -index 09cfb8c..dd1fab8 100644 ---- plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c -+++ plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c -@@ -320,10 +320,11 @@ krb5_ldap_get_password_policy_from_dn(krb5_context context, char *pol_name, - LDAP_SEARCH(pol_dn, LDAP_SCOPE_BASE, "(objectclass=krbPwdPolicy)", password_policy_attributes); - - ent=ldap_first_entry(ld, result); -- if (ent != NULL) { -- if ((st = populate_policy(context, ld, ent, pol_name, *policy)) != 0) -- goto cleanup; -+ if (ent == NULL) { -+ st = KRB5_KDB_NOENTRY; -+ goto cleanup; - } -+ st = populate_policy(context, ld, ent, pol_name, *policy); - - cleanup: - ldap_msgfree(result); |