MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]

Mike Dopheide dopheide at ncsa.uiuc.edu
Tue Apr 3 16:48:48 EDT 2007


Attached is a converted patch for 1.4.3 (closer to your 1.4.2).  This 
includes all three advisories.  I just finished compiling, but haven't 
tested it yet, so use it at your own risk.

-Mike

Tom Yu wrote:
>>>>>> "mikef" == Mike Friedman <mikef at ack.berkeley.edu> writes:
> 
> mikef> On Tue, 3 Apr 2007 at 14:10 (-0400), Tom Yu wrote:
>>> AFFECTED SOFTWARE
>>> =================
>>>
>>> * MIT krb5 releases through krb5-1.6
> mikef> ...
>>> The patch is available at
>>>
>>> http://web.mit.edu/kerberos/advisories/2007-002-patch.txt
> 
> mikef> Tom,
> 
> mikef> Is the above patch supposed to apply to 1.4.2?  I find several large 
> mikef> discrepancies in the line numbers.  For example, in 
> mikef> src/kadmin/server/misc.c, the 1.4.2 version has only 151 lines, yet the 
> mikef> patch refers to line 171.  There are also significant differences in, for 
> mikef> example, src/kadmin/server/ovsec_kadmd.c.  Plus minor line differences in 
> mikef> other modules for this patch.
> 
> mikef> Is there a different version of this patch for 1.4.2?
> 
> Your patching may be significantly simplified if you are certain that
> vsnprintf() is present on your systems; in that case you may omit the
> changes to files other than src/lib/kadm5/logger.c, at the expense of
> sometimes losing some log data due to vsnprintf() performing
> truncation.  Also, it is probably wise to unconditionally call
> vsnprintf() in logger.c (rather than under #ifdef HAVE_VSNPRINTF) in
> that case.
> 
> krb5-1.5.x had significant changes in some of the affected kadmind and
> KDC code; if there is sufficient interest, we may be able to produce
> additional patches for earlier releases.
> 
> ---Tom
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 2007-123.patch
Url: http://mailman.mit.edu/pipermail/kerberos/attachments/20070403/60c889ef/attachment.bat
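The trade-off Tom Yu describes above (an unbounded write into a fixed buffer versus vsnprintf() truncating the message) is easier to see in code. The block below is an added illustration and is not krb5's logger.c or any part of the advisory patch; the function names (log_vsprintf, log_vsnprintf, log_alloc), the 64-byte LOG_BUF and the "bad principal" message are assumptions made for the demo. It shows the vulnerable vsprintf() pattern, the bounded vsnprintf() form with a truncation flag, and a sized-allocation variant that keeps the whole message when log data must not be lost.

```c
/* Added illustration (not krb5 code): vsprintf() into a fixed stack buffer
 * versus the two bounded alternatives discussed in the reply above. */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOG_BUF 64   /* assumed buffer size; deliberately small for the demo */

/* Vulnerable pattern: vsprintf() has no length bound, so a message that
 * expands past the caller's buffer overwrites whatever follows it on the
 * stack. Shown for contrast; the demo only calls it with input that fits. */
static int log_vsprintf(char *buf, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsprintf(buf, fmt, ap);   /* unbounded write */
    va_end(ap);
    return n;
}

/* Hardened pattern: vsnprintf() writes at most buflen bytes, always
 * NUL-terminated. The cost is truncation, reported through *truncated. */
static int log_vsnprintf(char *buf, size_t buflen, int *truncated,
                         const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, buflen, fmt, ap);
    va_end(ap);
    if (n < 0) {                       /* encoding error: empty, terminated buffer */
        if (buflen) buf[0] = '\0';
        *truncated = 0;
        return -1;
    }
    *truncated = (size_t)n >= buflen;  /* n is the length the full message needed */
    return n;
}

/* No-loss alternative: measure with vsnprintf(NULL, 0, ...), then allocate
 * exactly enough. Caller frees; returns NULL on failure. */
static char *log_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    char *out = NULL;
    if (n >= 0 && (out = malloc((size_t)n + 1)) != NULL)
        vsnprintf(out, (size_t)n + 1, fmt, ap2);
    va_end(ap2);
    return out;
}

/* Constructed input: a principal name far longer than LOG_BUF. */
static void long_principal(char *dst, size_t len)
{
    memset(dst, 'A', len - 1);
    dst[len - 1] = '\0';
}

/* Demo 1: bounded logger truncates but stays inside its buffer.
 * Returns the stored length (LOG_BUF - 1) when truncation was reported,
 * or -1 if the guard did not fire. */
int demo_truncation(void)
{
    char name[200], buf[LOG_BUF];
    int truncated;
    long_principal(name, sizeof name);
    int needed = log_vsnprintf(buf, sizeof buf, &truncated,
                               "kadmind: bad principal %s", name);
    if (!truncated || needed < LOG_BUF) return -1;
    return (int)strlen(buf);
}

/* Demo 2: a short message fits; returns the truncation flag (0). */
int demo_fits(void)
{
    char buf[LOG_BUF];
    int truncated;
    log_vsnprintf(buf, sizeof buf, &truncated, "kadmind: ok %d", 42);
    return truncated;
}

/* Demo 3: the allocating logger keeps the whole message; returns its length. */
int demo_alloc(void)
{
    char name[200];
    long_principal(name, sizeof name);
    char *msg = log_alloc("kadmind: bad principal %s", name);
    if (!msg) return -1;
    int len = (int)strlen(msg);
    free(msg);
    return len;
}

/* Demo 4: vsprintf() is only safe when the caller has proven the bound. */
int demo_vsprintf_short(void)
{
    char buf[LOG_BUF];
    return log_vsprintf(buf, "kdc: %s", "short");   /* 10 chars, fits */
}

int main(void)
{
    printf("stored=%d fits=%d alloc=%d short=%d\n", demo_truncation(),
           demo_fits(), demo_alloc(), demo_vsprintf_short());
    return 0;
}
```

Compile with a plain `cc` and run; with a 200-byte name the bounded logger stores 63 bytes and flags truncation, while log_alloc returns the full 222-byte message. Note that the truncation flag is the piece worth keeping if you take the logger.c-only route Tom suggests: it tells you which log lines lost data rather than silently dropping the tail.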

