[pkgsrc/trunk]: pkgsrc/security/mit-krb5 Security fixes for SA21402:
details: https://anonhg.NetBSD.org/pkgsrc/rev/fa8bc42410c8
branches: trunk
changeset: 517358:fa8bc42410c8
user: salo <salo%pkgsrc.org@localhost>
date: Wed Aug 09 17:31:10 2006 +0000
description:
Security fixes for SA21402:
"A security issue has been reported in Kerberos, which potentially can
be exploited by malicious, local users to perform certain actions with
escalated privileges.
The security issue is caused due to missing checks for whether the
"setuid()" call has succeeded in the bundled krshd and v4rcp
applications. This can be exploited to disclose or manipulate the
contents of arbitrary files or execute arbitrary code with root
privileges if the "setuid()" call fails due to e.g. resource limits."
http://secunia.com/advisories/21402/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-001-setuid.txt
Bump PKGREVISION.
diffstat:
security/mit-krb5/Makefile | 4 +-
security/mit-krb5/distinfo | 9 +++++++-
security/mit-krb5/patches/patch-am | 39 ++++++++++++++++++++++++++++++++++++++
security/mit-krb5/patches/patch-an | 30 +++++++++++++++++++++++++++++
security/mit-krb5/patches/patch-ao | 38 +++++++++++++++++++++++++++++++++++++
security/mit-krb5/patches/patch-ap | 18 +++++++++++++++++
security/mit-krb5/patches/patch-aq | 24 +++++++++++++++++++++++
security/mit-krb5/patches/patch-ar | 20 +++++++++++++++++++
security/mit-krb5/patches/patch-as | 20 +++++++++++++++++++
9 files changed, 199 insertions(+), 3 deletions(-)
diffs (251 lines):
diff -r 68955afdd267 -r fa8bc42410c8 security/mit-krb5/Makefile
--- a/security/mit-krb5/Makefile Wed Aug 09 17:13:58 2006 +0000
+++ b/security/mit-krb5/Makefile Wed Aug 09 17:31:10 2006 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.37 2006/04/22 09:22:14 rillig Exp $
+# $NetBSD: Makefile,v 1.38 2006/08/09 17:31:10 salo Exp $
DISTNAME= krb5-1.4.2
PKGNAME= mit-${DISTNAME:S/-signed$//}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/
DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX}
diff -r 68955afdd267 -r fa8bc42410c8 security/mit-krb5/distinfo
--- a/security/mit-krb5/distinfo Wed Aug 09 17:13:58 2006 +0000
+++ b/security/mit-krb5/distinfo Wed Aug 09 17:31:10 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2006/03/17 15:44:45 joerg Exp $
+$NetBSD: distinfo,v 1.15 2006/08/09 17:31:10 salo Exp $
SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -14,3 +14,10 @@
SHA1 (patch-aj) = 5c633571ea932ce349065cbb4c3bf482cc971675
SHA1 (patch-ak) = 9d95372fd8edddbf0366e83a51d7a0b8a507f218
SHA1 (patch-al) = fb611fe47bd7c773d7baf11424e90cd3af70c422
+SHA1 (patch-am) = 050690479d75c5df6e89424bac594ab48ae98a8c
+SHA1 (patch-an) = ccf76eecb4a0f3b4c7addd37ab8391dc831caa41
+SHA1 (patch-ao) = 22f907ce8c6d66582523b05326a9e8d56ae28401
+SHA1 (patch-ap) = c77a8f7bc35aa184e510bac576c12f55d5cfbf65
+SHA1 (patch-aq) = 52429b712ca7a478caeb76fd165585c7aab7fa02
+SHA1 (patch-ar) = 37807c14f03533aef8796ac90e5fac36ff98308a
+SHA1 (patch-as) = b155219fd512b59f698497af1bf6acf1ca4f4a34
diff -r 68955afdd267 -r fa8bc42410c8 security/mit-krb5/patches/patch-am
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-am Wed Aug 09 17:31:10 2006 +0000
@@ -0,0 +1,39 @@
+$NetBSD: patch-am,v 1.1 2006/08/09 17:31:10 salo Exp $
+
+Security fix for SA21402.
+
+--- appl/gssftp/ftpd/ftpd.c.orig 2005-01-21 23:46:46.000000000 +0100
++++ appl/gssftp/ftpd/ftpd.c 2006-08-09 18:52:53.000000000 +0200
+@@ -1368,7 +1368,9 @@ getdatasock(fmode)
+ goto bad;
+ sleep(tries);
+ }
+- (void) krb5_seteuid((uid_t)pw->pw_uid);
++ if (krb5_seteuid((uid_t)pw->pw_uid)) {
++ fatal("seteuid user");
++ }
+ #ifdef IP_TOS
+ #ifdef IPTOS_THROUGHPUT
+ on = IPTOS_THROUGHPUT;
+@@ -1378,7 +1380,9 @@ getdatasock(fmode)
+ #endif
+ return (fdopen(s, fmode));
+ bad:
+- (void) krb5_seteuid((uid_t)pw->pw_uid);
++ if (krb5_seteuid((uid_t)pw->pw_uid)) {
++ fatal("seteuid user");
++ }
+ (void) close(s);
+ return (NULL);
+ }
+@@ -2187,7 +2191,9 @@ passive()
+ (void) krb5_seteuid((uid_t)pw->pw_uid);
+ goto pasv_error;
+ }
+- (void) krb5_seteuid((uid_t)pw->pw_uid);
++ if (krb5_seteuid((uid_t)pw->pw_uid)) {
++ fatal("seteuid user");
++ }
+ len = sizeof(pasv_addr);
+ if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
+ goto pasv_error;
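Review bot: In the last inner hunk (passive(), near ftpd.c line 2187) the context line `(void) krb5_seteuid((uid_t)pw->pw_uid);` just before `goto pasv_error` still discards the result, so that error path can carry on without having returned to the user's effective uid. It should get the same treatment as the three call sites the patch does fix: `if (krb5_seteuid((uid_t)pw->pw_uid)) fatal("seteuid user");`. The calls that raise privileges ahead of these sites are outside the hunks, so whether they are checked cannot be seen here. Both getdatasock() and passive() start and end outside the hunks.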
diff -r 68955afdd267 -r fa8bc42410c8 security/mit-krb5/patches/patch-an
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-an Wed Aug 09 17:31:10 2006 +0000
@@ -0,0 +1,30 @@
+$NetBSD: patch-an,v 1.1 2006/08/09 17:31:10 salo Exp $
+
+Security fix for SA21402.
+
+--- appl/bsd/v4rcp.c.orig 2002-07-12 22:21:31.000000000 +0200
++++ appl/bsd/v4rcp.c 2006-08-09 18:52:53.000000000 +0200
+@@ -436,7 +436,10 @@ int main(argc, argv)
+ kstream_set_buffer_mode (krem, 0);
+ #endif /* KERBEROS && !NOENCRYPTION */
+ (void) response();
+- (void) setuid(userid);
++ if (setuid(userid)) {
++ error("rcp: can't setuid(user)\n");
++ exit(1);
++ }
+ source(--argc, ++argv);
+ exit(errs);
+
+@@ -452,7 +455,10 @@ int main(argc, argv)
+ krem = kstream_create_from_fd (rem, 0, 0);
+ kstream_set_buffer_mode (krem, 0);
+ #endif /* KERBEROS && !NOENCRYPTION */
+- (void) setuid(userid);
++ if (setuid(userid)) {
++ error("rcp: can't setuid(user)\n");
++ exit(1);
++ }
+ sink(--argc, ++argv);
+ exit(errs);
+
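Review bot: Both new failure branches after `setuid(userid)` report only a fixed string, so the reason for the failure is lost. The advisory's own example is a resource limit, where errno is the one thing that separates an exhausted limit from a misconfiguration. If error() takes printf-style arguments, which is not visible in these hunks, I would write `error("rcp: can't setuid(user): %s\n", strerror(errno));` at both sites. main() starts and ends outside the hunks.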
diff -r 68955afdd267 -r fa8bc42410c8 security/mit-krb5/patches/patch-ao
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-ao Wed Aug 09 17:31:10 2006 +0000
@@ -0,0 +1,38 @@
+$NetBSD: patch-ao,v 1.1 2006/08/09 17:31:10 salo Exp $
+
+Security fix for SA21402.
+
+--- appl/bsd/krcp.c.orig 2003-05-10 02:00:58.000000000 +0200
++++ appl/bsd/krcp.c 2006-08-09 18:52:53.000000000 +0200
+@@ -620,7 +620,9 @@ int main(argc, argv)
+
+ euid = geteuid();
+ if (euid == 0) {
+- (void) setuid(0);
++ if (setuid(0)) {
++ perror("rcp setuid 0"); errs++; exit(errs);
++ }
+ if(krb5_seteuid(userid)) {
+ perror("rcp seteuid user"); errs++; exit(errs);
+ }
+@@ -638,11 +640,17 @@ int main(argc, argv)
+ continue;
+ rcmd_stream_init_normal();
+ #ifdef HAVE_SETREUID
+- (void) setreuid(0, userid);
++ if (setreuid(0, userid)) {
++ perror("rcp setreuid 0,user"); errs++; exit(errs);
++ }
+ sink(1, argv+argc-1);
+- (void) setreuid(userid, 0);
++ if (setreuid(userid, 0)) {
++ perror("rcp setreuid user,0"); errs++; exit(errs);
++ }
+ #else
+- (void) setuid(0);
++ if (setuid(0)) {
++ perror("rcp setuid 0"); errs++; exit(errs);
++ }
+ if(seteuid(userid)) {
+ perror("rcp seteuid user"); errs++; exit(errs);
+ }
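Review bot: Every new failure branch ends with `errs++; exit(errs);`, so the exit status depends on how many errors were counted earlier. Only the low 8 bits of the status reach the parent, so a count that is a multiple of 256 would report success. A failed privilege change is better signalled with a fixed status, e.g. `perror("rcp setuid 0"); exit(1);`. The pre-existing krb5_seteuid/seteuid checks visible as context use the same pattern and would benefit from the same change. main() starts and ends outside the hunks.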
diff -r 68955afdd267 -r fa8bc42410c8 security/mit-krb5/patches/patch-ap
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-ap Wed Aug 09 17:31:10 2006 +0000
@@ -0,0 +1,18 @@
+$NetBSD: patch-ap,v 1.1 2006/08/09 17:31:10 salo Exp $
+
+Security fix for SA21402.
+
+--- appl/bsd/login.c.orig 2005-04-07 23:17:25.000000000 +0200
++++ appl/bsd/login.c 2006-08-09 18:52:53.000000000 +0200
+@@ -1648,7 +1648,10 @@ int main(argc, argv)
+ }
+ #endif /* HAVE_SETLUID */
+ #ifdef _IBMR2
+- setuidx(ID_LOGIN, pwd->pw_uid);
++ if (setuidx(ID_LOGIN, pwd->pw_uid) < 0) {
++ perror("setuidx");
++ sleepexit(1);
++ };
+ #endif
+
+ /* This call MUST succeed */
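Review bot: The new setuidx() check closes with `};`, which leaves a stray empty statement after the block. It is harmless as written but turns into a syntax error as soon as an `else` is attached, and it differs from the other checks added in this commit; the line should be just `}`. The branch is compiled only under `#ifdef _IBMR2`, so most builds would never flag it. main() starts and ends outside the hunk.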
diff -r 68955afdd267 -r fa8bc42410c8 security/mit-krb5/patches/patch-aq
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-aq Wed Aug 09 17:31:10 2006 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-aq,v 1.1 2006/08/09 17:31:10 salo Exp $
+
+Security fix for SA21402.
+
+--- appl/bsd/krshd.c.orig 2005-04-07 23:17:25.000000000 +0200
++++ appl/bsd/krshd.c 2006-08-09 18:52:53.000000000 +0200
+@@ -1379,9 +1379,15 @@ void doit(f, fromp)
+ * If we're on a system which keeps track of login uids, then
+ * set the login uid.
+ */
+- setluid((uid_t) pwd->pw_uid);
++ if (setluid((uid_t) pwd->pw_uid) < 0) {
++ perror("setluid");
++ _exit(1);
++ }
+ #endif /* HAVE_SETLUID */
+- (void) setuid((uid_t)pwd->pw_uid);
++ if (setuid((uid_t)pwd->pw_uid) < 0) {
++ perror("setuid");
++ _exit(1);
++ }
+ /* if TZ is set in the parent, drag it in */
+ {
+ char **findtz = environ;
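Review bot: The new `setuid((uid_t)pwd->pw_uid)` check has no comment saying why failure must be fatal; the comment above it only covers the login uid. I would add `/* setuid() can fail (e.g. resource limits); continuing would run the user's command with root privileges */` directly above the check, so a later cleanup does not relax it back to an ignored call. doit() starts before and continues after the hunk.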
diff -r 68955afdd267 -r fa8bc42410c8 security/mit-krb5/patches/patch-ar
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-ar Wed Aug 09 17:31:10 2006 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-ar,v 1.1 2006/08/09 17:31:10 salo Exp $
+
+Security fix for SA21402.
+
+--- clients/ksu/main.c.orig 2002-08-14 21:14:49.000000000 +0200
++++ clients/ksu/main.c 2006-08-09 18:52:53.000000000 +0200
+@@ -892,8 +892,11 @@ static void sweep_up(context, cc)
+ const char * cc_name;
+ struct stat st_temp;
+
+- krb5_seteuid(0);
+- krb5_seteuid(target_uid);
++ if (krb5_seteuid(0) < 0 || krb5_seteuid(target_uid) < 0) {
++ com_err(prog_name, errno,
++ "while returning to source uid for destroying ccache");
++ exit(1);
++ }
+
+ cc_name = krb5_cc_get_name(context, cc);
+ if ( ! stat(cc_name, &st_temp)){
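Review bot: The com_err text in the new check says "while returning to source uid", but the guarded call switches to `target_uid`, so a failure would be logged with a misleading description; `"while switching to target uid for destroying ccache"` would match the code. Folding both calls into one `||` also hides which step failed, and when only the second fails the process reaches `exit(1)` with the effective uid apparently still 0. sweep_up() looks like the place where the credential cache is destroyed, so the early exit would leave that cache on disk; worth confirming this is acceptable. The function body continues outside the hunk.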
diff -r 68955afdd267 -r fa8bc42410c8 security/mit-krb5/patches/patch-as
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-as Wed Aug 09 17:31:10 2006 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-as,v 1.1 2006/08/09 17:31:10 salo Exp $
+
+Security fix for SA21402.
+
+--- lib/krb4/kuserok.c.orig 2003-03-05 04:38:51.000000000 +0100
++++ lib/krb4/kuserok.c 2006-08-09 18:52:53.000000000 +0200
+@@ -159,9 +159,11 @@ kuserok(kdata, luser)
+ */
+ if(getuid() == 0) {
+ uid_t old_euid = geteuid();
+- seteuid(pwd->pw_uid);
++ if (seteuid(pwd->pw_uid) < 0)
++ return NOTOK;
+ fp = fopen(pbuf, "r");
+- seteuid(old_euid);
++ if (seteuid(old_euid) < 0)
++ return NOTOK;
+ if ((fp) == NULL) {
+ return(NOTOK);
+ }
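Review bot: When the second new check fails, `fp` may already hold an open stream from the `fopen(pbuf, "r")` on the line before, and `return NOTOK` leaks it. The restore branch should close it first: `if (seteuid(old_euid) < 0) { if (fp) fclose(fp); return NOTOK; }`. Returning there also leaves the process at the user's effective uid rather than `old_euid`, which a caller cannot tell apart from an ordinary NOTOK, so a comment noting that would help. kuserok() starts and ends outside the hunk.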