[krbdev.mit.edu #9181] git commit
Greg Hudson via RT
rt at krbdev.mit.edu
Wed Aug 20 14:30:57 EDT 2025
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9181 >
Fix krb5 GSS MIC verification
Commit 7ae0adcdf16687810f747e284c9fb571a561c5bd contains a pair of
bugs that, in combination, result in the acceptance of MIC tokens with
invalid checksums.
In kg_verify_checksum_v3(), properly set bytes 4..7 to 0xFF in the
composed token header for MIC tokens. In verify_mic_v3(), properly
check the return value of kg_verify_checksum_v3(). In t_invalid.c,
test invalid MIC tokens by altering the bytes of a valid MIC.
Reported by Francis Dupont.
CVE-2025-57736:
MIT krb5 release 1.22 incorrectly accepts krb5 GSS-API MIC tokens with
invalid checksums.
(cherry picked from commit 83cd76b11b069afbc6162edecb30096571e89dd5)
https://github.com/krb5/krb5/commit/2531770c10115cb8b5ff529f813d86fa5a36db4c
Author: Greg Hudson <ghudson at mit.edu>
Commit: 2531770c10115cb8b5ff529f813d86fa5a36db4c
Branch: krb5-1.22
src/lib/gssapi/krb5/util_crypt.c | 10 +++++++---
src/lib/gssapi/krb5/verify_mic.c | 11 ++++-------
src/tests/gssapi/t_invalid.c | 29 +++++++++++++++++++++++++++++
3 files changed, 40 insertions(+), 10 deletions(-)
More information about the krb5-bugs
mailing list