Bug 963964 (CVE-2015-8630) - VUL-1: CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
Summary: VUL-1: CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POL...
Status: RESOLVED FIXED
Alias: CVE-2015-8630
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Deadline: 2016-02-11
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/161386/
Whiteboard: maint:running:62471:moderate CVSSv2:R...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-01-28 11:54 UTC by Johannes Segitz
Modified: 2016-04-17 12:30 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-01-28 11:54:28 UTC 
rh#1302632

It was reported that in MIT krb5 1.12 and later, an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying a null policy value but including KADM5_POLICY in the mask.

Upstream patch:

https://github.com/krb5/krb5/commit/b863de7fbf080b15e347a736fdda0a82d42f4f6b

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1302632
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8630
Comment 2 Howard Guo 2016-01-28 12:22:39 UTC 
set to private
Comment 3 Swamp Workflow Management 2016-01-28 12:49:45 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-02-11.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62471
Comment 4 Swamp Workflow Management 2016-01-28 23:02:54 UTC 
bugbot adjusting priority
Comment 8 Bernhard Wiedemann 2016-02-02 09:00:10 UTC 
This is an autogenerated message for OBS integration:
This bug (963964) was mentioned in
https://build.opensuse.org/request/show/357307 13.2 / krb5
Comment 9 Swamp Workflow Management 2016-02-10 15:12:03 UTC 
openSUSE-SU-2016:0406-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 963964,963968,963975
CVE References: CVE-2015-8629,CVE-2015-8630,CVE-2015-8631
Sources used:
openSUSE 13.2 (src):    krb5-1.12.2-21.1, krb5-mini-1.12.2-21.1
Comment 10 Swamp Workflow Management 2016-02-11 14:12:48 UTC 
SUSE-SU-2016:0429-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 963964,963968,963975
CVE References: CVE-2015-8629,CVE-2015-8630,CVE-2015-8631
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    krb5-1.12.1-25.1
SUSE Linux Enterprise Software Development Kit 12 (src):    krb5-1.12.1-25.1
SUSE Linux Enterprise Server 12-SP1 (src):    krb5-1.12.1-25.1
SUSE Linux Enterprise Server 12 (src):    krb5-1.12.1-25.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    krb5-1.12.1-25.1
SUSE Linux Enterprise Desktop 12 (src):    krb5-1.12.1-25.1
Comment 11 Swamp Workflow Management 2016-02-18 12:12:56 UTC 
openSUSE-SU-2016:0501-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 963964,963968,963975
CVE References: CVE-2015-8629,CVE-2015-8630,CVE-2015-8631
Sources used:
openSUSE Leap 42.1 (src):    krb5-1.12.1-27.1, krb5-mini-1.12.1-27.1
Comment 12 Marcus Meissner 2016-04-17 12:30:16 UTC 
released