Package: krb5
Severity: grave
Justification: user security hole

http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
applies to Debian too.

2006-001-patch_1.5.txt - the patch from Gentoo; it also applies to Debian's krb5,
with some hunks succeeding at different offsets.
krb5-1.3.6-patch - the diff between Debian stable krb5 1.3.6-2sarge2 and the
patched version; it should apply cleanly, provided the long diff/---/+++ header
lines that were wrapped in transit are rejoined first.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-386
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

-- Package Information:
Package: krb5-ftpd
Priority: extra
Section: net
Installed-Size: 104
Maintainer: Sam Hartman <[EMAIL PROTECTED]>
Architecture: i386
Source: krb5
Version: 1.3.6-2sarge2
Provides: ftp-server
Depends: libc6 (>= 2.3.2.ds1-21), libcomerr2 (>= 1.33-3), libkrb53 (>=
1.3.2), libkrb53 (= 1.3.6-2sarge2), netbase, krb5-config
Conflicts: ftpd
Filename: pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_i386.deb
Size: 52186
MD5sum: 00356fdf1a8534d13942ad3d58426da5
SHA1: 92d50e2a319be7e27fcf98c40051495543c8fc7d
SHA256: 25d47a7fb63ee8239c5e0438ef3d0a0a8b04bf9f33e9387840f1a4a41ff07037
Description: Secure FTP server supporting MIT Kerberos
 Kerberos is a system for authenticating users and services on a
 network.
 Kerberos is a trusted third-party service.  That means that there is a
 third party (the kerberos server) that is trusted by all the entities
 on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos5.
Index: appl/gssftp/ftpd/ftpd.c
===================================================================
*** appl/gssftp/ftpd/ftpd.c	(revision 18419)
--- appl/gssftp/ftpd/ftpd.c	(working copy)
***************
*** 1367,1373 ****
  			goto bad;
  		sleep(tries);
  	}
! 	(void) krb5_seteuid((uid_t)pw->pw_uid);
  #ifdef IP_TOS
  #ifdef IPTOS_THROUGHPUT
  	on = IPTOS_THROUGHPUT;
--- 1367,1375 ----
  			goto bad;
  		sleep(tries);
  	}
! 	if (krb5_seteuid((uid_t)pw->pw_uid)) {
! 		fatal("seteuid user");
! 	}
  #ifdef IP_TOS
  #ifdef IPTOS_THROUGHPUT
  	on = IPTOS_THROUGHPUT;
***************
*** 1377,1383 ****
  #endif
  	return (fdopen(s, fmode));
  bad:
! 	(void) krb5_seteuid((uid_t)pw->pw_uid);
  	(void) close(s);
  	return (NULL);
  }
--- 1379,1387 ----
  #endif
  	return (fdopen(s, fmode));
  bad:
! 	if (krb5_seteuid((uid_t)pw->pw_uid)) {
! 		fatal("seteuid user");
! 	}
  	(void) close(s);
  	return (NULL);
  }
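Review bot: On the `bad:` path the new check calls fatal() while the data socket `s` is still open; this is only harmless because fatal() is assumed never to return. Moving `(void) close(s);` above the `krb5_seteuid` check makes the cleanup complete regardless of what fatal() does and costs nothing. The enclosing function begins outside this hunk.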
***************
*** 2186,2192 ****
  		(void) krb5_seteuid((uid_t)pw->pw_uid);
  		goto pasv_error;
  	}
! 	(void) krb5_seteuid((uid_t)pw->pw_uid);
  	len = sizeof(pasv_addr);
  	if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
  		goto pasv_error;
--- 2190,2198 ----
  		(void) krb5_seteuid((uid_t)pw->pw_uid);
  		goto pasv_error;
  	}
! 	if (krb5_seteuid((uid_t)pw->pw_uid)) {
! 		fatal("seteuid user");
! 	}
  	len = sizeof(pasv_addr);
  	if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
  		goto pasv_error;
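Review bot: The error branch two lines above the changed line still reads `(void) krb5_seteuid((uid_t)pw->pw_uid); goto pasv_error;`, so a failed privilege drop on the bind-failure path is still ignored even though the success path now checks it. Unlike fatal(), `pasv_error` presumably returns to the command loop, so a session would keep running with euid 0 in exactly the case this patch is meant to close. The branch should get the same treatment: `if (krb5_seteuid((uid_t)pw->pw_uid)) fatal("seteuid user");`. The enclosing function (the PASV handler) starts and ends outside this hunk.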
Index: appl/bsd/v4rcp.c
===================================================================
*** appl/bsd/v4rcp.c	(revision 18419)
--- appl/bsd/v4rcp.c	(working copy)
***************
*** 436,442 ****
  			kstream_set_buffer_mode (krem, 0);
  #endif /* KERBEROS && !NOENCRYPTION */
  			(void) response();
! 			(void) setuid(userid);
  			source(--argc, ++argv);
  			exit(errs);
  
--- 436,445 ----
  			kstream_set_buffer_mode (krem, 0);
  #endif /* KERBEROS && !NOENCRYPTION */
  			(void) response();
! 			if (setuid(userid)) {
! 			    error("rcp: can't setuid(user)\n");
! 			    exit(1);
! 			}
  			source(--argc, ++argv);
  			exit(errs);
  
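Review bot: The new failure message `rcp: can't setuid(user)` gives no reason, and setuid() failures (EAGAIN, EPERM) are hard to diagnose remotely without errno. If error() is printf-like, as in the BSD rcp it derives from, `error("rcp: can't setuid(user): %s\n", strerror(errno));` would carry it. Note also that this path uses `exit(1)` while the equivalent checks added to krcp.c use `errs++; exit(errs);`; picking one convention would help. The enclosing function starts and ends outside this hunk.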
***************
*** 452,458 ****
  				krem = kstream_create_from_fd (rem, 0, 0);
  			kstream_set_buffer_mode (krem, 0);
  #endif /* KERBEROS && !NOENCRYPTION */
! 			(void) setuid(userid);
  			sink(--argc, ++argv);
  			exit(errs);
  
--- 455,464 ----
  				krem = kstream_create_from_fd (rem, 0, 0);
  			kstream_set_buffer_mode (krem, 0);
  #endif /* KERBEROS && !NOENCRYPTION */
! 			if (setuid(userid)) {
! 			    error("rcp: can't setuid(user)\n");
! 			    exit(1);
! 			}
  			sink(--argc, ++argv);
  			exit(errs);
  
Index: appl/bsd/krcp.c
===================================================================
*** appl/bsd/krcp.c	(revision 18419)
--- appl/bsd/krcp.c	(working copy)
***************
*** 620,626 ****
  				   
  		euid = geteuid();
  		if (euid == 0) {
! 		    (void) setuid(0);
  		    if(krb5_seteuid(userid)) {
  			perror("rcp seteuid user"); errs++; exit(errs);
  		    }
--- 620,628 ----
  				   
  		euid = geteuid();
  		if (euid == 0) {
! 		    if (setuid(0)) {
! 			perror("rcp setuid 0"); errs++; exit(errs);
! 		    }
  		    if(krb5_seteuid(userid)) {
  			perror("rcp seteuid user"); errs++; exit(errs);
  		    }
***************
*** 638,648 ****
  		  continue;
  		rcmd_stream_init_normal();
  #ifdef HAVE_SETREUID
! 		(void) setreuid(0, userid);
  		sink(1, argv+argc-1);
! 		(void) setreuid(userid, 0);
  #else
! 		(void) setuid(0);
  		if(seteuid(userid)) {
  		  perror("rcp seteuid user"); errs++; exit(errs);
  		}
--- 640,656 ----
  		  continue;
  		rcmd_stream_init_normal();
  #ifdef HAVE_SETREUID
! 		if (setreuid(0, userid)) {
! 		    perror("rcp setreuid 0,user"); errs++; exit(errs);
! 		}
  		sink(1, argv+argc-1);
! 		if (setreuid(userid, 0)) {
! 		    perror("rcp setreuid user,0"); errs++; exit(errs);
! 		}
  #else
! 		if (setuid(0)) {
! 		  perror("rcp setuid 0"); errs++; exit(errs);
! 		}
  		if(seteuid(userid)) {
  		  perror("rcp seteuid user"); errs++; exit(errs);
  		}
Index: appl/bsd/login.c
===================================================================
*** appl/bsd/login.c	(revision 18419)
--- appl/bsd/login.c	(working copy)
***************
*** 1648,1654 ****
  	}
  #endif	/* HAVE_SETLUID */
  #ifdef _IBMR2
!     setuidx(ID_LOGIN, pwd->pw_uid);
  #endif
  
      /* This call MUST succeed */
--- 1648,1657 ----
  	}
  #endif	/* HAVE_SETLUID */
  #ifdef _IBMR2
!     if (setuidx(ID_LOGIN, pwd->pw_uid) < 0) {
! 	perror("setuidx");
! 	sleepexit(1);
!     };
  #endif
  
      /* This call MUST succeed */
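Review bot: The added block ends with `};` — the semicolon after the closing brace is a stray empty statement, harmless today but it would silently break an `else` attached later. It should be plain `}`. The behaviour itself (perror then sleepexit on a failed setuidx) matches the `This call MUST succeed` intent stated for the following call, which lies outside this hunk, as does the rest of the enclosing function.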
Index: appl/bsd/krshd.c
===================================================================
*** appl/bsd/krshd.c	(revision 18419)
--- appl/bsd/krshd.c	(working copy)
***************
*** 1403,1411 ****
       * If we're on a system which keeps track of login uids, then
       * set the login uid. 
       */
!     setluid((uid_t) pwd->pw_uid);
  #endif	/* HAVE_SETLUID */
!     (void) setuid((uid_t)pwd->pw_uid);
      /* if TZ is set in the parent, drag it in */
      {
        char **findtz = environ;
--- 1403,1417 ----
       * If we're on a system which keeps track of login uids, then
       * set the login uid. 
       */
!     if (setluid((uid_t) pwd->pw_uid) < 0) {
! 	perror("setluid");
! 	_exit(1);
!     }
  #endif	/* HAVE_SETLUID */
!     if (setuid((uid_t)pwd->pw_uid) < 0) {
! 	perror("setuid");
! 	_exit(1);
!     }
      /* if TZ is set in the parent, drag it in */
      {
        char **findtz = environ;
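Review bot: The new `perror(...); _exit(1);` paths report the failed privilege drop only on stderr; in this forked child stderr is presumably already the remote client's connection, so the remote user learns of it while the local administrator never does. A failure to drop to the target uid in a root daemon is worth a log entry; if krshd already uses syslog elsewhere (not visible here), something like `syslog(LOG_ERR, "setuid(%d) failed: %m", (int)pwd->pw_uid);` before `_exit(1)` is all that is needed. `_exit` over `exit` is the right choice in the child. The enclosing function starts and ends outside this hunk.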
Index: clients/ksu/main.c
===================================================================
*** clients/ksu/main.c	(revision 18419)
--- clients/ksu/main.c	(working copy)
***************
*** 892,900 ****
      const char * cc_name;
      struct stat  st_temp;
  
!     krb5_seteuid(0);
!     krb5_seteuid(target_uid);
!     
      cc_name = krb5_cc_get_name(context, cc);
      if ( ! stat(cc_name, &st_temp)){
  	if ((retval = krb5_cc_destroy(context, cc))){
--- 892,903 ----
      const char * cc_name;
      struct stat  st_temp;
  
!     if (krb5_seteuid(0) < 0 || krb5_seteuid(target_uid) < 0) {
! 	com_err(prog_name, errno,
! 		"while returning to source uid for destroying ccache");
! 	exit(1);
!     }
! 
      cc_name = krb5_cc_get_name(context, cc);
      if ( ! stat(cc_name, &st_temp)){
  	if ((retval = krb5_cc_destroy(context, cc))){
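Review bot: The new error text says `while returning to source uid for destroying ccache`, but the uid being set is `target_uid`. If the variable name is accurate, the message misdescribes the failure and should read something like `"while switching to target uid for destroying ccache"`; if the function really is returning to the invoking user, the variable is the misleading one. Either way the two should agree before this ships. The `< 0` test matches seteuid's -1 return convention, unlike the nonzero test used in ftpd.c, but both are correct. The enclosing function starts and ends outside this hunk.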
Index: lib/krb4/kuserok.c
===================================================================
*** lib/krb4/kuserok.c	(revision 18419)
--- lib/krb4/kuserok.c	(working copy)
***************
*** 159,167 ****
  	 */
          if(getuid() == 0) {
  	  uid_t old_euid = geteuid();
! 	  seteuid(pwd->pw_uid);
  	  fp = fopen(pbuf, "r");
! 	  seteuid(old_euid);	  
  	  if ((fp) == NULL) {
  	    return(NOTOK);
  	  }
--- 159,169 ----
  	 */
          if(getuid() == 0) {
  	  uid_t old_euid = geteuid();
! 	  if (seteuid(pwd->pw_uid) < 0)
! 	      return NOTOK;
  	  fp = fopen(pbuf, "r");
! 	  if (seteuid(old_euid) < 0)
! 	      return NOTOK;
  	  if ((fp) == NULL) {
  	    return(NOTOK);
  	  }
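Review bot: The second new check, `if (seteuid(old_euid) < 0) return NOTOK;`, runs after fopen() has succeeded, so on that path `fp` is leaked. It should close the stream first: `if (seteuid(old_euid) < 0) { if (fp) (void) fclose(fp); return NOTOK; }`. Returning NOTOK (deny) as the default on either seteuid failure is the right conservative choice. The enclosing function starts and ends outside this hunk.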
diff -urN krb5-1.3.6/src/appl/bsd/krcp.c krb5-1.3.6-new/src/appl/bsd/krcp.c
--- krb5-1.3.6/src/appl/bsd/krcp.c      2003-05-13 01:20:15.000000000 +0300
+++ krb5-1.3.6-new/src/appl/bsd/krcp.c  2006-08-10 19:26:12.015275472 +0300
@@ -620,7 +620,9 @@
                                   
                euid = geteuid();
                if (euid == 0) {
-                   (void) setuid(0);
+                   if (setuid(0)) {
+                       perror("rcp setuid 0"); errs++; exit(errs);
+                   }
                    if(krb5_seteuid(userid)) {
                        perror("rcp seteuid user"); errs++; exit(errs);
                    }
@@ -638,11 +640,17 @@
                  continue;
                rcmd_stream_init_normal();
 #ifdef HAVE_SETREUID
-               (void) setreuid(0, userid);
+               if (setreuid(0, userid)) {
+                   perror("rcp setreuid 0,user"); errs++; exit(errs);
+               }
                sink(1, argv+argc-1);
-               (void) setreuid(userid, 0);
+               if (setreuid(userid, 0)) {
+                   perror("rcp setreuid user,0"); errs++; exit(errs);
+               }
 #else
-               (void) setuid(0);
+               if (setuid(0)) {
+                 perror("rcp setuid 0"); errs++; exit(errs);
+               }
                if(seteuid(userid)) {
                  perror("rcp seteuid user"); errs++; exit(errs);
                }
diff -urN krb5-1.3.6/src/appl/bsd/krshd.c krb5-1.3.6-new/src/appl/bsd/krshd.c
--- krb5-1.3.6/src/appl/bsd/krshd.c     2003-09-11 02:28:04.000000000 +0300
+++ krb5-1.3.6-new/src/appl/bsd/krshd.c 2006-08-10 19:26:12.019274864 +0300
@@ -1379,9 +1379,15 @@
      * If we're on a system which keeps track of login uids, then
      * set the login uid. 
      */
-    setluid((uid_t) pwd->pw_uid);
+    if (setluid((uid_t) pwd->pw_uid) < 0) {
+       perror("setluid");
+       _exit(1);
+    }
 #endif /* HAVE_SETLUID */
-    (void) setuid((uid_t)pwd->pw_uid);
+    if (setuid((uid_t)pwd->pw_uid) < 0) {
+       perror("setuid");
+       _exit(1);
+    }
     /* if TZ is set in the parent, drag it in */
     {
       char **findtz = environ;
diff -urN krb5-1.3.6/src/appl/bsd/login.c krb5-1.3.6-new/src/appl/bsd/login.c
--- krb5-1.3.6/src/appl/bsd/login.c     2003-05-28 07:06:25.000000000 +0300
+++ krb5-1.3.6-new/src/appl/bsd/login.c 2006-08-10 19:26:12.017275168 +0300
@@ -1648,7 +1648,10 @@
        }
 #endif /* HAVE_SETLUID */
 #ifdef _IBMR2
-    setuidx(ID_LOGIN, pwd->pw_uid);
+    if (setuidx(ID_LOGIN, pwd->pw_uid) < 0) {
+       perror("setuidx");
+       sleepexit(1);
+    };
 #endif
 
     /* This call MUST succeed */
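Review bot: This Debian backport carries over the `};` after the new block's closing brace; the trailing semicolon is an empty statement and should be dropped to `}`. The enclosing function starts and ends outside this hunk.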
diff -urN krb5-1.3.6/src/appl/bsd/v4rcp.c krb5-1.3.6-new/src/appl/bsd/v4rcp.c
--- krb5-1.3.6/src/appl/bsd/v4rcp.c     2002-07-12 23:21:31.000000000 +0300
+++ krb5-1.3.6-new/src/appl/bsd/v4rcp.c 2006-08-10 19:26:12.013275776 +0300
@@ -436,7 +436,10 @@
                        kstream_set_buffer_mode (krem, 0);
 #endif /* KERBEROS && !NOENCRYPTION */
                        (void) response();
-                       (void) setuid(userid);
+                       if (setuid(userid)) {
+                           error("rcp: can't setuid(user)\n");
+                           exit(1);
+                       }
                        source(--argc, ++argv);
                        exit(errs);
 
@@ -452,7 +455,10 @@
                                krem = kstream_create_from_fd (rem, 0, 0);
                        kstream_set_buffer_mode (krem, 0);
 #endif /* KERBEROS && !NOENCRYPTION */
-                       (void) setuid(userid);
+                       if (setuid(userid)) {
+                           error("rcp: can't setuid(user)\n");
+                           exit(1);
+                       }
                        sink(--argc, ++argv);
                        exit(errs);
 
diff -urN krb5-1.3.6/src/appl/gssftp/ftpd/ftpd.c 
krb5-1.3.6-new/src/appl/gssftp/ftpd/ftpd.c
--- krb5-1.3.6/src/appl/gssftp/ftpd/ftpd.c      2004-08-31 23:18:25.000000000 
+0300
+++ krb5-1.3.6-new/src/appl/gssftp/ftpd/ftpd.c  2006-08-10 19:26:12.011276080 
+0300
@@ -1360,7 +1360,9 @@
                        goto bad;
                sleep(tries);
        }
-       (void) krb5_seteuid((uid_t)pw->pw_uid);
+       if (krb5_seteuid((uid_t)pw->pw_uid)) {
+               fatal("seteuid user");
+       }
 #ifdef IP_TOS
 #ifdef IPTOS_THROUGHPUT
        on = IPTOS_THROUGHPUT;
@@ -1370,7 +1372,9 @@
 #endif
        return (fdopen(s, fmode));
 bad:
-       (void) krb5_seteuid((uid_t)pw->pw_uid);
+       if (krb5_seteuid((uid_t)pw->pw_uid)) {
+               fatal("seteuid user");
+       }
        (void) close(s);
        return (NULL);
 }
@@ -2179,7 +2183,9 @@
                (void) krb5_seteuid((uid_t)pw->pw_uid);
                goto pasv_error;
        }
-       (void) krb5_seteuid((uid_t)pw->pw_uid);
+       if (krb5_seteuid((uid_t)pw->pw_uid)) {
+               fatal("seteuid user");
+       }
        len = sizeof(pasv_addr);
        if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
                goto pasv_error;
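Review bot: The unchecked `(void) krb5_seteuid((uid_t)pw->pw_uid); goto pasv_error;` on the bind-failure branch above the changed line is left as-is in this backport too, so a failed privilege drop there is still ignored while the session continues. Apply the same check: `if (krb5_seteuid((uid_t)pw->pw_uid)) fatal("seteuid user");`. The enclosing function starts and ends outside this hunk.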
diff -urN krb5-1.3.6/src/clients/ksu/main.c 
krb5-1.3.6-new/src/clients/ksu/main.c
--- krb5-1.3.6/src/clients/ksu/main.c   2002-08-14 22:14:49.000000000 +0300
+++ krb5-1.3.6-new/src/clients/ksu/main.c       2006-08-10 19:26:12.021274560 
+0300
@@ -892,9 +892,12 @@
     const char * cc_name;
     struct stat  st_temp;
 
-    krb5_seteuid(0);
-    krb5_seteuid(target_uid);
-    
+    if (krb5_seteuid(0) < 0 || krb5_seteuid(target_uid) < 0) {
+       com_err(prog_name, errno,
+               "while returning to source uid for destroying ccache");
+       exit(1);
+    }
+
     cc_name = krb5_cc_get_name(context, cc);
     if ( ! stat(cc_name, &st_temp)){
        if ((retval = krb5_cc_destroy(context, cc))){
diff -urN krb5-1.3.6/src/lib/krb4/kuserok.c 
krb5-1.3.6-new/src/lib/krb4/kuserok.c
--- krb5-1.3.6/src/lib/krb4/kuserok.c   2003-03-05 05:38:51.000000000 +0200
+++ krb5-1.3.6-new/src/lib/krb4/kuserok.c       2006-08-10 19:26:12.022274408 
+0300
@@ -159,9 +159,11 @@
         */
         if(getuid() == 0) {
          uid_t old_euid = geteuid();
-         seteuid(pwd->pw_uid);
+         if (seteuid(pwd->pw_uid) < 0)
+             return NOTOK;
          fp = fopen(pbuf, "r");
-         seteuid(old_euid);      
+         if (seteuid(old_euid) < 0)
+             return NOTOK;
          if ((fp) == NULL) {
            return(NOTOK);
          }
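Review bot: As in the upstream hunk, the restore check `if (seteuid(old_euid) < 0) return NOTOK;` comes after fopen() and leaks `fp` on failure; close it before returning: `if (seteuid(old_euid) < 0) { if (fp) (void) fclose(fp); return NOTOK; }`. The enclosing function starts and ends outside this hunk.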
