- Fix multiple checksum handling vulnerabilities

(MITKRB5-SA-2010-007, bnc#650650) CVE-2010-1324 * krb5 GSS-API applications may accept unkeyed checksums * krb5 application services may accept unkeyed PAC checksums * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums CVE-2010-1323 * krb5 clients may accept unkeyed SAM-2 challenge checksums * krb5 may accept KRB-SAFE checksums with low-entropy derived keys CVE-2010-4020 * krb5 may accept authdata checksums with low-entropy derived keys CVE-2010-4021 * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=37
2010-12-01 10:45:18 +00:00 · 2010-12-01 10:45:18 +00:00 · 248552dcc5
commit 248552dcc5
parent 2689697c16
5 changed files with 243 additions and 1 deletions
--- a/MITKRB5-SA-2010-007-1.8.dif
+++ b/MITKRB5-SA-2010-007-1.8.dif
@ -0,0 +1,204 @@
+Index: krb5-1.8/src/plugins/preauth/pkinit/pkinit_srv.c
+===================================================================
+--- krb5-1.8/src/plugins/preauth/pkinit/pkinit_srv.c	(revision 24455)
+++ krb5-1.8/src/plugins/preauth/pkinit/pkinit_srv.c	(working copy)
+@@ -691,8 +691,7 @@
+     krb5_reply_key_pack *key_pack = NULL;
+     krb5_reply_key_pack_draft9 *key_pack9 = NULL;
+     krb5_data *encoded_key_pack = NULL;
+-    unsigned int num_types;
+-    krb5_cksumtype *cksum_types = NULL;
+    krb5_cksumtype cksum_type;
+ 
+     pkinit_kdc_context plgctx;
+     pkinit_kdc_req_context reqctx;
+@@ -882,14 +881,25 @@
+                 retval = ENOMEM;
+                 goto cleanup;
+             }
+-            /* retrieve checksums for a given enctype of the reply key */
+-            retval = krb5_c_keyed_checksum_types(context,
+-                                                 encrypting_key->enctype, &num_types, &cksum_types);
+-            if (retval)
+-                goto cleanup;
+ 
+-            /* pick the first of acceptable enctypes for the checksum */
+-            retval = krb5_c_make_checksum(context, cksum_types[0],
+            switch (encrypting_key->enctype) {
+            case ENCTYPE_DES_CBC_MD4:
+                cksum_type = CKSUMTYPE_RSA_MD4_DES;
+                break;
+            case ENCTYPE_DES_CBC_MD5:
+            case ENCTYPE_DES_CBC_CRC:
+                cksum_type = CKSUMTYPE_RSA_MD5_DES;
+                break;
+            default:
+                retval = krb5int_c_mandatory_cksumtype(context,
+                                                       encrypting_key->enctype,
+                                                       &cksum_type);
+                if (retval)
+                    goto cleanup;
+                break;
+            }
+
+            retval = krb5_c_make_checksum(context, cksum_type,
+                                           encrypting_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+                                           req_pkt, &key_pack->asChecksum);
+             if (retval) {
+@@ -1033,7 +1043,6 @@
+         krb5_free_data(context, encoded_key_pack);
+     free(dh_pubkey);
+     free(server_key);
+-    free(cksum_types);
+ 
+     switch ((int)padata->pa_type) {
+     case KRB5_PADATA_PK_AS_REQ:
+Index: krb5-1.8/src/lib/crypto/krb/cksumtypes.c
+===================================================================
+--- krb5-1.8/src/lib/crypto/krb/cksumtypes.c	(revision 24455)
+++ krb5-1.8/src/lib/crypto/krb/cksumtypes.c	(working copy)
+@@ -101,7 +101,7 @@
+ 
+     { CKSUMTYPE_MD5_HMAC_ARCFOUR,
+       "md5-hmac-rc4", { 0 }, "Microsoft MD5 HMAC",
+-      NULL, &krb5int_hash_md5,
+      &krb5int_enc_arcfour, &krb5int_hash_md5,
+       krb5int_hmacmd5_checksum, NULL,
+       16, 16, 0 },
+ };
+Index: krb5-1.8/src/lib/crypto/krb/keyed_checksum_types.c
+===================================================================
+--- krb5-1.8/src/lib/crypto/krb/keyed_checksum_types.c	(revision 24455)
+++ krb5-1.8/src/lib/crypto/krb/keyed_checksum_types.c	(working copy)
+@@ -35,6 +35,13 @@
+ {
+     if (ctp->flags & CKSUM_UNKEYED)
+         return FALSE;
+    /* Stream ciphers do not play well with RFC 3961 key derivation, so be
+     * conservative with RC4. */
+    if ((ktp->etype == ENCTYPE_ARCFOUR_HMAC ||
+         ktp->etype == ENCTYPE_ARCFOUR_HMAC_EXP) &&
+        ctp->ctype != CKSUMTYPE_HMAC_MD5_ARCFOUR &&
+        ctp->ctype != CKSUMTYPE_MD5_HMAC_ARCFOUR)
+        return FALSE;
+     return (!ctp->enc || ktp->enc == ctp->enc);
+ }
+ 
+Index: krb5-1.8/src/lib/crypto/krb/dk/derive.c
+===================================================================
+--- krb5-1.8/src/lib/crypto/krb/dk/derive.c	(revision 24455)
+++ krb5-1.8/src/lib/crypto/krb/dk/derive.c	(working copy)
+@@ -91,6 +91,8 @@
+     blocksize = enc->block_size;
+     keybytes = enc->keybytes;
+ 
+    if (blocksize == 1)
+        return KRB5_BAD_ENCTYPE;
+     if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes)
+         return KRB5_CRYPTO_INTERNAL;
+ 
+Index: krb5-1.8/src/lib/gssapi/krb5/util_crypt.c
+===================================================================
+--- krb5-1.8/src/lib/gssapi/krb5/util_crypt.c	(revision 24455)
+++ krb5-1.8/src/lib/gssapi/krb5/util_crypt.c	(working copy)
+@@ -119,10 +119,22 @@
+     if (code != 0)
+         return code;
+ 
+-    code = (*kaccess.mandatory_cksumtype)(context, subkey->keyblock.enctype,
+-                                          cksumtype);
+-    if (code != 0)
+-        return code;
+    switch (subkey->keyblock.enctype) {
+    case ENCTYPE_DES_CBC_MD4:
+        *cksumtype = CKSUMTYPE_RSA_MD4_DES;
+        break;
+    case ENCTYPE_DES_CBC_MD5:
+    case ENCTYPE_DES_CBC_CRC:
+        *cksumtype = CKSUMTYPE_RSA_MD5_DES;
+        break;
+    default:
+        code = (*kaccess.mandatory_cksumtype)(context,
+                                              subkey->keyblock.enctype,
+                                              cksumtype);
+        if (code != 0)
+            return code;
+        break;
+    }
+ 
+     switch (subkey->keyblock.enctype) {
+     case ENCTYPE_DES_CBC_MD5:
+Index: krb5-1.8/src/lib/krb5/krb/pac.c
+===================================================================
+--- krb5-1.8/src/lib/krb5/krb/pac.c	(revision 24455)
+++ krb5-1.8/src/lib/krb5/krb/pac.c	(working copy)
+@@ -582,6 +582,8 @@
+     checksum.checksum_type = load_32_le(p);
+     checksum.length = checksum_data.length - PAC_SIGNATURE_DATA_LENGTH;
+     checksum.contents = p + PAC_SIGNATURE_DATA_LENGTH;
+    if (!krb5_c_is_keyed_cksum(checksum.checksum_type))
+        return KRB5KRB_AP_ERR_INAPP_CKSUM;
+ 
+     pac_data.length = pac->data.length;
+     pac_data.data = malloc(pac->data.length);
+Index: krb5-1.8/src/lib/krb5/krb/preauth2.c
+===================================================================
+--- krb5-1.8/src/lib/krb5/krb/preauth2.c	(revision 24455)
+++ krb5-1.8/src/lib/krb5/krb/preauth2.c	(working copy)
+@@ -1578,7 +1578,9 @@
+ 
+     cksum = sc2->sam_cksum;
+ 
+-    while (*cksum) {
+    for (; *cksum; cksum++) {
+        if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type))
+            continue;
+         /* Check this cksum */
+         retval = krb5_c_verify_checksum(context, as_key,
+                                         KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
+@@ -1592,7 +1594,6 @@
+         }
+         if (valid_cksum)
+             break;
+-        cksum++;
+     }
+ 
+     if (!valid_cksum) {
+Index: krb5-1.8/src/lib/krb5/krb/mk_safe.c
+===================================================================
+--- krb5-1.8/src/lib/krb5/krb/mk_safe.c	(revision 24455)
+++ krb5-1.8/src/lib/krb5/krb/mk_safe.c	(working copy)
+@@ -215,10 +215,28 @@
+             for (i = 0; i < nsumtypes; i++)
+                 if (auth_context->safe_cksumtype == sumtypes[i])
+                     break;
+-            if (i == nsumtypes)
+-                i = 0;
+-            sumtype = sumtypes[i];
+             krb5_free_cksumtypes (context, sumtypes);
+            if (i < nsumtypes)
+                sumtype = auth_context->safe_cksumtype;
+            else {
+                switch (enctype) {
+                case ENCTYPE_DES_CBC_MD4:
+                    sumtype = CKSUMTYPE_RSA_MD4_DES;
+                    break;
+                case ENCTYPE_DES_CBC_MD5:
+                case ENCTYPE_DES_CBC_CRC:
+                    sumtype = CKSUMTYPE_RSA_MD5_DES;
+                    break;
+                default:
+                    retval = krb5int_c_mandatory_cksumtype(context, enctype,
+                                                           &sumtype);
+                    if (retval) {
+                        CLEANUP_DONE();
+                        goto error;
+                    }
+                    break;
+                }
+            }
+         }
+         if ((retval = krb5_mk_safe_basic(context, userdata, key, &replaydata,
+                                          plocal_fulladdr, premote_fulladdr,
+
+
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Wed Dec  1 11:44:15 CET 2010 - mc@suse.de
+
+- Fix multiple checksum handling vulnerabilities 
+  (MITKRB5-SA-2010-007, bnc#650650)
+  CVE-2010-1324
+  * krb5 GSS-API applications may accept unkeyed checksums
+  * krb5 application services may accept unkeyed PAC checksums
+  * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
+  CVE-2010-1323
+  * krb5 clients may accept unkeyed SAM-2 challenge checksums
+  * krb5 may accept KRB-SAFE checksums with low-entropy derived keys
+  CVE-2010-4020
+  * krb5 may accept authdata checksums with low-entropy derived keys
+  CVE-2010-4021
+  * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery 
+
 -------------------------------------------------------------------
 Thu Oct 28 12:53:13 CEST 2010 - mc@suse.de

--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@ -1,5 +1,5 @@
 #
-# spec file for package krb5-mini (Version 1.8.3)
+# spec file for package krb5 (Version 1.8.3)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@ -56,6 +56,7 @@ Patch6:         krb5-1.6.3-kpasswd_tcp.patch
 Patch7:         krb5-1.6.3-ktutil-manpage.dif
 Patch8:         krb5-1.6.3-fix-ipv6-query.dif
 Patch12:        krb5-1.8-MITKRB5-SA-2010-006.dif
+Patch13:        MITKRB5-SA-2010-007-1.8.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils
 PreReq:         %insserv_prereq %fillup_prereq 
@ -204,6 +205,7 @@ Authors:
 %patch7 -p1
 %patch8 -p1
 %patch12 -p1
+%patch13 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do
--- a/krb5.changes
+++ b/krb5.changes
@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Wed Dec  1 11:44:15 CET 2010 - mc@suse.de
+
+- Fix multiple checksum handling vulnerabilities 
+  (MITKRB5-SA-2010-007, bnc#650650)
+  CVE-2010-1324
+  * krb5 GSS-API applications may accept unkeyed checksums
+  * krb5 application services may accept unkeyed PAC checksums
+  * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
+  CVE-2010-1323
+  * krb5 clients may accept unkeyed SAM-2 challenge checksums
+  * krb5 may accept KRB-SAFE checksums with low-entropy derived keys
+  CVE-2010-4020
+  * krb5 may accept authdata checksums with low-entropy derived keys
+  CVE-2010-4021
+  * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery 
+
 -------------------------------------------------------------------
 Thu Oct 28 12:53:13 CEST 2010 - mc@suse.de

--- a/krb5.spec
+++ b/krb5.spec
@ -56,6 +56,7 @@ Patch6:         krb5-1.6.3-kpasswd_tcp.patch
 Patch7:         krb5-1.6.3-ktutil-manpage.dif
 Patch8:         krb5-1.6.3-fix-ipv6-query.dif
 Patch12:        krb5-1.8-MITKRB5-SA-2010-006.dif
+Patch13:        MITKRB5-SA-2010-007-1.8.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils
 PreReq:         %insserv_prereq %fillup_prereq 
@ -204,6 +205,7 @@ Authors:
 %patch7 -p1
 %patch8 -p1
 %patch12 -p1
+%patch13 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do