Bug 825985 (CVE-2002-2443) - VUL-0: krb5: CVE-2002-2443: Fix kpasswd UDP ping-pong
Summary: VUL-0: krb5: CVE-2002-2443: Fix kpasswd UDP ping-pong
Status: RESOLVED FIXED
Duplicates: 871411
Alias: CVE-2002-2443
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P2 - High
Severity: Critical
Target Milestone: ---
Deadline: 2013-07-10
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: wasL3:39376 maint:released:sle11-sp1:...
Keywords: DSLA_REQUIRED, DSLA_SOLUTION_PROVIDED
Depends on:
Blocks:
 
Reported: 2013-06-20 09:14 UTC by Alexander Bergmann
Modified: 2018-12-16 15:36 UTC (History)
CC: 7 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Alexander Bergmann 2013-06-20 09:14:40 UTC
Public via:

http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637

Fix kpasswd UDP ping-pong [CVE-2002-2443]

The kpasswd service provided by kadmind was vulnerable to a UDP
"ping-pong" attack [CVE-2002-2443].  Don't respond to packets unless
they pass some basic validation, and don't respond to our own error
packets.

Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
attack or UDP ping-pong attacks in general, but there is discussion
leading toward narrowing the definition of CVE-1999-0103 to the echo,
chargen, or other similar built-in inetd services.

Thanks to Vincent Danen for alerting us to this issue.


Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=962531
https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
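The mechanism behind the ticket, in brief: kpasswd listens on UDP and, before the fix, answered every datagram with a KRB-ERROR. An attacker who spoofs the source address of one unsolicited UDP responder (another kpasswd, or echo/chargen) into a packet sent to a second one makes the two services reply to each other's replies indefinitely, burning bandwidth and CPU on both with a single spoofed packet. The fix stops the loop by only replying to datagrams that look like a well-formed kpasswd request, and never to a datagram that is itself a KRB-ERROR. The Python model below is an added example written for this page, not MIT krb5 code; the six-byte header layout (message length including the length field, protocol version 0x0001 or 0xff80, AP-REQ length) follows RFC 3244 and the change-password protocol, while the function names, the constructed datagrams and the two simulated responders are assumptions made for illustration.

```python
"""Model of kpasswd UDP request validation that breaks a ping-pong loop.

Added example, not MIT krb5 code.  Header layout follows RFC 3244; helper
names, sample datagrams and the simulated responders are illustrative
assumptions.
"""

import struct

# Protocol version numbers: RFC 3244 set-password and the original
# change-password protocol.
VNO_SETPW = 0x0001
VNO_CHANGEPW = 0xFF80

# DER tag of a Kerberos KRB-ERROR: [APPLICATION 30] constructed = 0x60 | 30.
# Every KRB-ERROR on the wire begins with this byte.
KRB_ERROR_TAG = 0x7E


def kpasswd_request_is_plausible(pkt: bytes) -> bool:
    """Basic validation to apply before sending any reply.

    True only if the datagram carries a complete 6-byte header, the advertised
    message length equals the datagram length, the version number is one we
    speak, and the AP-REQ fits inside the message with room left for KRB-PRIV.
    """
    if len(pkt) < 6:
        return False
    msg_len, vno, ap_req_len = struct.unpack("!HHH", pkt[:6])
    if msg_len != len(pkt):
        return False
    if vno not in (VNO_SETPW, VNO_CHANGEPW):
        return False
    if ap_req_len == 0 or 6 + ap_req_len >= msg_len:
        return False
    return True


def looks_like_krb_error(pkt: bytes) -> bool:
    """Replying to a KRB-ERROR is exactly what makes the loop possible."""
    return len(pkt) >= 1 and pkt[0] == KRB_ERROR_TAG


def should_respond(pkt: bytes) -> bool:
    """Fixed behaviour: answer plausible requests only, never error packets."""
    if looks_like_krb_error(pkt):
        return False
    return kpasswd_request_is_plausible(pkt)


def build_request(vno: int, ap_req: bytes, krb_priv: bytes) -> bytes:
    """Assemble a kpasswd datagram; msg_len counts its own two bytes."""
    body = struct.pack("!HH", vno, len(ap_req)) + ap_req + krb_priv
    return struct.pack("!H", len(body) + 2) + body


# Constructed sample datagrams (not captured traffic).  Opaque placeholders
# stand in for the DER-encoded AP-REQ and KRB-PRIV, which this check never parses.
GOOD_REQUEST = build_request(VNO_CHANGEPW, b"\x6e\x05AP-REQ", b"\x75\x06KRB-PRIV")
TRUNCATED = GOOD_REQUEST[:4]                       # header cut short
WRONG_LENGTH = GOOD_REQUEST + b"\x00"              # trailing byte, length mismatch
BAD_VNO = build_request(0x1234, b"\x6e\x05x", b"\x75\x06y")
KRB_ERROR = b"\x7e\x10" + b"\x00" * 16             # shaped like a server error reply


def vulnerable_kpasswd(pkt: bytes):
    """Pre-fix model: every datagram, even a KRB-ERROR, gets a KRB-ERROR back."""
    return KRB_ERROR


def fixed_kpasswd(pkt: bytes):
    """Post-fix model: silent unless the datagram passes should_respond()."""
    return KRB_ERROR if should_respond(pkt) else None


def simulate_ping_pong(responder_a, responder_b, first_packet: bytes,
                       max_rounds: int = 1000) -> int:
    """Bounce datagrams between two services that answer each other.

    The attacker's spoofed first_packet reaches responder_a with responder_b's
    address as source.  Returns the number of datagrams sent before one side
    stays silent, capped at max_rounds (an uncapped loop is the attack).
    """
    responders = (responder_a, responder_b)
    pkt, rounds = first_packet, 0
    while rounds < max_rounds:
        reply = responders[rounds % 2](pkt)
        if reply is None:
            break
        rounds += 1
        pkt = reply
    return rounds


if __name__ == "__main__":
    print("two unpatched servers:", simulate_ping_pong(vulnerable_kpasswd, vulnerable_kpasswd, GOOD_REQUEST))
    print("two patched servers:  ", simulate_ping_pong(fixed_kpasswd, fixed_kpasswd, GOOD_REQUEST))
    print("patched vs unpatched: ", simulate_ping_pong(fixed_kpasswd, vulnerable_kpasswd, GOOD_REQUEST))
```

Two unpatched servers run until the cap; two patched ones exchange exactly one datagram, because the first reply is a KRB-ERROR and the receiver drops it. Note that a patched server paired with an unpatched peer still stops after two packets, so the fix protects a host even when the other end of the loop is someone else's service. The length and version checks are what keep a random or truncated datagram from triggering a reply; the KRB-ERROR check is what closes the loop when the peer is a kpasswd that was not patched.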
Comment 1 Swamp Workflow Management 2013-06-20 16:00:28 UTC
bugbot adjusting priority
Comment 3 Michael Calmer 2013-06-21 04:24:47 UTC
Packages submitted and a maintenance request started.
Re-assigning to the security team for tracking.
Comment 4 Swamp Workflow Management 2013-06-26 02:44:42 UTC
The SWAMPID for this issue is 53243.
This issue was rated as moderate.
Please submit fixed packages by 2013-07-10.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 5 Bernhard Wiedemann 2013-06-27 15:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (825985) was mentioned in
https://build.opensuse.org/request/show/181204 Evergreen:11.2 / krb5
Comment 9 Swamp Workflow Management 2013-07-02 10:04:49 UTC
openSUSE-SU-2013:1119-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 825985
CVE References: CVE-2002-2443
Sources used:
openSUSE 12.3 (src):    krb5-1.10.2-10.17.1, krb5-doc-1.10.2-10.17.2, krb5-mini-1.10.2-10.17.1
openSUSE 12.2 (src):    krb5-1.10.2-3.20.1, krb5-doc-1.10.2-3.20.2, krb5-mini-1.10.2-3.20.1
Comment 11 Bernhard Wiedemann 2013-07-02 14:00:15 UTC
This is an autogenerated message for OBS integration:
This bug (825985) was mentioned in
https://build.opensuse.org/request/show/181756 Evergreen:11.2 / krb5
Comment 14 Marcus Meissner 2013-07-12 12:21:20 UTC
released now.
Comment 17 Swamp Workflow Management 2013-07-12 14:56:00 UTC
Update released for: krb5, krb5-32bit, krb5-apps-clients, krb5-apps-servers, krb5-client, krb5-debuginfo, krb5-debuginfo-32bit, krb5-debuginfo-x86, krb5-debugsource, krb5-devel, krb5-devel-32bit, krb5-server, krb5-x86
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 19 Swamp Workflow Management 2013-07-12 15:05:22 UTC
Update released for: krb5, krb5-32bit, krb5-apps-clients, krb5-apps-servers, krb5-client, krb5-debuginfo, krb5-debuginfo-32bit, krb5-debuginfo-x86, krb5-debugsource, krb5-devel, krb5-devel-32bit, krb5-server, krb5-x86
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 20 Swamp Workflow Management 2013-07-12 15:52:08 UTC
Update released for: krb5, krb5-32bit, krb5-64bit, krb5-apps-clients, krb5-apps-servers, krb5-client, krb5-debuginfo, krb5-devel, krb5-devel-32bit, krb5-devel-64bit, krb5-server, krb5-x86
Products:
SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 21 Ahmad Sadeghpour 2013-07-12 16:01:26 UTC
(In reply to comment #18)
>     Can we please get 32-bit krb5 PTFs? As in, something like
>     krb5-32bit-1.6.3-133.46.1.x86_64.rpm.

My understanding is that now all versions and all flavors are part of the security update that has been released.
Comment 23 Bogdano Arendartchuk 2013-07-12 19:16:47 UTC
Closing.
Comment 24 Ahmad Sadeghpour 2013-07-15 10:21:18 UTC
(In reply to comment #23)
> Closing.

I am afraid the public release is missing the SLES11 SP1 fix for both 32-bit and 64-bit, so I am re-opening.
Comment 29 Leonardo Chiquitto 2014-05-12 11:20:50 UTC
*** Bug 871411 has been marked as a duplicate of this bug. ***
Comment 30 Leonardo Chiquitto 2014-12-06 13:08:18 UTC
*** Bug 871411 has been marked as a duplicate of this bug. ***