From de40003bfd697e98cdd342e253699e83e1040961 Mon Sep 17 00:00:00 2001 From: Cy Schubert Date: Tue, 15 Nov 2022 08:27:50 -0800 Subject: [PATCH] security/krb5-*: Address CVE-2022-42898 Topic: Vulnerabilities in PAC parsing CVE-2022-42898: integer overflow vulnerabilities in PAC parsing SUMMARY ======= Three integer overflow vulnerabilities have been discovered in the MIT krb5 library function krb5_parse_pac(). IMPACT ====== An authenticated attacker may be able to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash. On a 32-bit platform, an authenticated attacker may be able to cause heap corruption in a KDC or kadmind process, possibly leading to remote code execution. A privileged attacker may similarly be able to cause heap corruption in a Kerberos or GSS application service running on a 32-bit platform. An attacker with the privileges of a cross-realm KDC may be able to extract secrets from a KDC process's memory by having them copied into the PAC of a new ticket. AFFECTED SOFTWARE ================= Kerberos and GSS application services using krb5-1.8 or later are affected. kadmind in krb5-1.8 or later is affected. The krb5-1.20 KDC is affected. The krb5-1.8 through krb5-1.19 KDC is affected when using the Samba or FreeIPA KDB modules. REFERENCES ========== This announcement is posted at: https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2022-001.txt This announcement and related security advisories may be found on the MIT Kerberos security advisory page at: https://web.mit.edu/kerberos/advisories/index.html The main MIT Kerberos web page is at: https://web.mit.edu/kerberos/index.html CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898 MFH: 2022Q4 Security: CVE-2022-42898 --- security/krb5-119/Makefile | 2 ++ security/krb5-119/distinfo | 4 +++- security/krb5-120/Makefile | 2 ++ security/krb5-120/distinfo | 4 +++- 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/security/krb5-119/Makefile b/security/krb5-119/Makefile index e0668fe68b6b..a598987a8290 100644 --- a/security/krb5-119/Makefile +++ b/security/krb5-119/Makefile @@ -1,5 +1,6 @@ PORTNAME= krb5 PORTVERSION= 1.19.3 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ .if !defined(MASTERDIR) @@ -8,6 +9,7 @@ PKGNAMESUFFIX= -119 PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 +PATCHFILES= 2022-001-patch-r119.txt MAINTAINER= cy@FreeBSD.org COMMENT= MIT implementation of RFC 4120 network authentication service diff --git a/security/krb5-119/distinfo b/security/krb5-119/distinfo index a5f3bcd0c84b..aee7180b8355 100644 --- a/security/krb5-119/distinfo +++ b/security/krb5-119/distinfo @@ -1,3 +1,5 @@ -TIMESTAMP = 1647101273 +TIMESTAMP = 1668529517 SHA256 (krb5-1.19.3.tar.gz) = 56d04863cfddc9d9eb7af17556e043e3537d41c6e545610778676cf551b9dcd0 SIZE (krb5-1.19.3.tar.gz) = 8741343 +SHA256 (2022-001-patch-r119.txt) = e6e50807528cdda07fe8d946b0b417403168ff1e442ed4dbf099f20262c25867 +SIZE (2022-001-patch-r119.txt) = 3536 diff --git a/security/krb5-120/Makefile b/security/krb5-120/Makefile index 71b22f51b4fc..236ffb297c67 100644 --- a/security/krb5-120/Makefile +++ b/security/krb5-120/Makefile @@ -1,5 +1,6 @@ PORTNAME= krb5 PORTVERSION= 1.20 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ .if !defined(MASTERDIR) @@ -8,6 +9,7 @@ PKGNAMESUFFIX= -120 PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 +PATCHFILES= 2022-001-patch-r120.txt MAINTAINER= cy@FreeBSD.org COMMENT= MIT implementation of RFC 4120 network authentication service diff --git a/security/krb5-120/distinfo b/security/krb5-120/distinfo index a6aaac17bfbc..bd9dce75f180 100644 --- a/security/krb5-120/distinfo +++ b/security/krb5-120/distinfo @@ -1,3 +1,5 @@ -TIMESTAMP = 1653608400 +TIMESTAMP = 1668529430 SHA256 (krb5-1.20.tar.gz) = 7e022bdd3c851830173f9faaa006a230a0e0fdad4c953e85bff4bf0da036e12f SIZE (krb5-1.20.tar.gz) = 8660756 +SHA256 (2022-001-patch-r120.txt) = 7e4589910db665142ba04b45eb8f64d0a3dd30e67c0010e449048600ece0bcc9 +SIZE (2022-001-patch-r120.txt) = 3539