remote heap buffer overflow DoS/code exec

Bug #78486 reported by Kees Cook
Affects | Status | Importance | Assigned to | Milestone
libapache-mod-auth-kerb (Debian) | Fix Released | Unknown | |
libapache-mod-auth-kerb (Ubuntu) | Invalid | Undecided | Unassigned |
Breezy | Fix Released | Undecided | Unassigned |
Dapper | Fix Released | Undecided | Unassigned |
Edgy | Fix Released | Undecided | Unassigned |

Bug Description

Binary package hint: libapache-mod-auth-kerb

Security vulnerability.

Kees Cook (kees) wrote :

Version 5.3-1, in Feisty, is not vulnerable.

Changed in libapache-mod-auth-kerb:
status: Unconfirmed → Rejected
Changed in libapache-mod-auth-kerb:
status: Unknown → Confirmed
Michael Bienia (geser) wrote :

Here is a patch extracted from DSA-1247-1:

--- libapache-mod-auth-kerb-4.996-5.0-rc6.orig/spnegokrb5/der_get.c
+++ libapache-mod-auth-kerb-4.996-5.0-rc6/spnegokrb5/der_get.c
@@ -151,7 +151,7 @@
     if (len < 1)
        return ASN1_OVERRUN;

- data->components = malloc(len * sizeof(*data->components));
+ data->components = malloc((len + 1) * sizeof(*data->components));
     if (data->components == NULL && len != 0)
        return ENOMEM;
     data->components[0] = (*p) / 40;
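
Review bot: the new size expression (len + 1) * sizeof(*data->components) in the malloc call is computed with no overflow check, so a sufficiently large len could wrap the multiplication and under-allocate again; bound len against the remaining input, or reject it when len + 1 exceeds the maximum size divided by sizeof(*data->components), before allocating. The "&& len != 0" in the NULL test that follows is now dead, since len < 1 has already returned and the request is never zero-sized, so a plain "== NULL" check would be clearer. A one-line comment on why len content bytes need len + 1 slots (the first byte is split across more than one component, starting with data->components[0] = (*p) / 40) would document the off-by-one for whoever touches this next.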

Michael Bienia (geser) wrote :

Here is a debdiff for edgy.

Michael Bienia (geser) wrote :

Here is a debdiff for dapper.

Michael Bienia (geser) wrote :

Here is a debdiff for breezy.

Michael Bienia (geser) wrote :

I could only test if the package for edgy builds.
As I've no pbuilder for dapper and breezy anymore I couldn't test the build for those.

Michael Bienia (geser) wrote :

Here is an updated debdiff for edgy as the last didn't fix the FTBFS.
It now has the fix for the FTBFS backported from feisty.

Kees Cook (kees) wrote :

Great! These look good, thanks. Don't worry about setting "urgency"; Ubuntu doesn't actually use that field yet. I'm building them now, and I'll get them published shortly.

Kees Cook (kees)
Changed in libapache-mod-auth-kerb:
status: Unconfirmed → Fix Committed
status: Unconfirmed → Fix Committed
status: Unconfirmed → Fix Committed
magilus (magilus)
Changed in libapache-mod-auth-kerb:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Changed in libapache-mod-auth-kerb:
status: Confirmed → Fix Released