Bug#878144: marked as done (CVE-2017-17439: Remote unauthenticated DoS in Heimdal-KDC 7.1)

2017-12-14 Thread Debian Bug Tracking System
Your message dated Fri, 15 Dec 2017 03:05:33 +
with message-id 
and subject line Bug#878144: fixed in heimdal 7.5.0+dfsg-1
has caused the Debian Bug report #878144,
regarding CVE-2017-17439: Remote unauthenticated DoS in Heimdal-KDC 7.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
878144: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: heimdal-kdc
Version: 7.1.0+dfsg-13+deb9u1 amd64
Severity: important


We are running heimdal-kdc 7.1.0+dfsg-13+deb9u1 amd64 shipped with
Debian stretch for our domain and have discovered several crashes in the
past few months. Investigation showed that dmesg contained several logs
about segfaults:

[Fr Jun 23 12:07:17 2017] kdc[14596]: segfault at 18 ip 7f65c02ef5d0
sp 7ffd1d7f7298 error 4 in libasn1.so.8.0.0[7f65c0268000+a7000]
[Di Jun 27 21:37:26 2017] kdc[10087]: segfault at 18 ip 7f65c02ef5d0
sp 7ffd1d7f7298 error 4 in libasn1.so.8.0.0[7f65c0268000+a7000]
[Mo Jul  3 16:18:39 2017] kdc[2656]: segfault at 18 ip 7fa27ec105d0
sp 7ffedcb061f8 error 4 in libasn1.so.8.0.0[7fa27eb89000+a7000]
[So Jul  9 08:55:39 2017] kdc[6092]: segfault at 18 ip 7fa27ec105d0
sp 7ffedcb061f8 error 4 in libasn1.so.8.0.0[7fa27eb89000+a7000]
[Di Jul 11 13:06:14 2017] kdc[28993]: segfault at 18 ip 7fb9dccda5d0
sp 7ffc6e2ee648 error 4 in libasn1.so.8.0.0[7fb9dcc53000+a7000]
[Di Jul 11 23:39:40 2017] kdc[32211]: segfault at 18 ip 7fb9dccda5d0
sp 7ffc6e2ee648 error 4 in libasn1.so.8.0.0[7fb9dcc53000+a7000]
[Sa Jul 15 13:20:17 2017] kdc[6902]: segfault at 18 ip 7fb76d5ef5d0
sp 7ffc22a84078 error 4 in libasn1.so.8.0.0[7fb76d568000+a7000]
[Fr Jul 21 12:17:37 2017] kdc[9219]: segfault at 18 ip 7fdfcbf2b5d0
sp 7ffe9f295128 error 4 in libasn1.so.8.0.0[7fdfcbea4000+a7000]
[So Jul 23 21:10:59 2017] kdc[26977]: segfault at 18 ip 7fdfcbf2b5d0
sp 7ffe9f295128 error 4 in libasn1.so.8.0.0[7fdfcbea4000+a7000]
[So Aug  6 12:06:04 2017] kdc[26494]: segfault at 18 ip 7f342c8d35d0
sp 7fff8ae39088 error 4 in libasn1.so.8.0.0[7f342c84c000+a7000]
[Di Aug 15 15:21:41 2017] kdc[28412]: segfault at 18 ip 7f4780b605d0
sp 7ffd63250328 error 4 in libasn1.so.8.0.0[7f4780ad9000+a7000]
[Mi Aug 16 08:46:13 2017] kdc[5166]: segfault at 18 ip 7f4780b605d0
sp 7ffd63250328 error 4 in libasn1.so.8.0.0[7f4780ad9000+a7000]
[Di Aug 29 04:01:58 2017] kdc[5268]: segfault at 18 ip 7f31fdd065d0
sp 7ffd8392c748 error 4 in libasn1.so.8.0.0[7f31fdc7f000+a7000]
[Fr Sep  1 16:56:57 2017] kdc[13396]: segfault at 18 ip 7f31fdd065d0
sp 7ffd8392c748 error 4 in libasn1.so.8.0.0[7f31fdc7f000+a7000]
[Mo Sep 11 20:10:45 2017] kdc[16093]: segfault at 18 ip 7f8a096715d0
sp 7ffd48ba4b28 error 4 in libasn1.so.8.0.0[7f8a095ea000+a7000]
[Di Sep 12 13:46:17 2017] kdc[24683]: segfault at 18 ip 7f8a096715d0
sp 7ffd48ba4b28 error 4 in libasn1.so.8.0.0[7f8a095ea000+a7000]

The heimdal-kdc log gave us additional information:

lofar log # zgrep "AS-REQ malformed client name" heimdal-kdc.log*
heimdal-kdc.log:2017-09-11T20:10:46 AS-REQ malformed client name from
IPv4:80.82.77.139
heimdal-kdc.log:2017-09-12T13:46:18 AS-REQ malformed client name from
IPv4:185.100.87.246
heimdal-kdc.log.2.gz:2017-08-29T04:01:59 AS-REQ malformed client name
from IPv4:71.6.135.131
heimdal-kdc.log.2.gz:2017-09-01T16:56:58 AS-REQ malformed client name
from IPv4:34.208.25.133
heimdal-kdc.log.4.gz:2017-08-15T15:21:41 AS-REQ malformed client name
from IPv4:96.126.127.61
heimdal-kdc.log.4.gz:2017-08-16T08:46:13 AS-REQ malformed client name
from IPv4:71.6.158.166
heimdal-kdc.log.5.gz:2017-08-06T12:06:05 AS-REQ malformed client name
from IPv4:71.6.167.142

The KDC was directly reachable over the Internet - those IPs do not
belong to us but seemed to send packets crashing our master or our slave
(we observed the same there).
While waiting to capture one of those packets and reproduce the issues,
my colleague Thomas Kittel located the part of the code responsible for
the crash:

  * RIP in libasn1.so.0 (relative) 0x875d0.
  * "der_length_visible_string@@HEIMDAL_ASN1_1.0"
  
   875d0:   48 8b 3f                mov    rdi,QWORD PTR [rdi]
   875d3:   e9 e8 83 f9 ff          jmp    1f9c0 
   875d8:   0f 1f 84 00 00 00 00    nop    DWORD PTR [rax+rax*1+0x0]
   875df:   00
  

  * Source:
https://github.com/heimdal/heimdal/blob/master/lib/asn1/der_length.c
  size_t
  

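The pairing of kernel segfault records with the KDC's "AS-REQ malformed client name" entries that the report walks through by hand can be automated. The script below is an added example, not part of the bug report and not Heimdal code: it parses both record formats, decodes the kernel's x86 page-fault error code, computes the library-relative instruction pointer (the report quotes it as 0x875d0) so crashes can be compared across ASLR-randomised runs, and groups the source addresses logged within a few seconds of each crash. The sample records are constructed from the ones quoted above (each wrapped dmesg record joined back onto one line); the five-second correlation window is an assumption.

```python
"""Correlate kernel segfault records with heimdal-kdc log lines.

Added example; the record formats are those quoted in the bug report.
"""
import re
from datetime import datetime, timedelta

# Kernel record. The weekday in the report is a two-letter German
# abbreviation ("Mo", "Di", ...), so it is matched but not interpreted.
DMESG_RE = re.compile(
    r"^\[\w{2} (?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d \d{4})\] "
    r"(?P<proc>[^\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<lib>[^\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]$"
)

# KDC record, optionally prefixed by the file name that zgrep adds.
KDC_RE = re.compile(
    r"^(?:[^:\s]+:)?(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) "
    r"AS-REQ malformed client name from IPv4:(?P<src>\d+\.\d+\.\d+\.\d+)$"
)


def decode_fault_error(code):
    """Decode the x86 page-fault error code the kernel prints.
    Bit 0: page was present (protection fault) vs. not present;
    bit 1: write vs. read; bit 2: user mode; bit 4: instruction fetch.
    'error 4' is therefore a user-mode read of an unmapped page."""
    return {
        "present": bool(code & 0x1),
        "write": bool(code & 0x2),
        "user": bool(code & 0x4),
        "ifetch": bool(code & 0x10),
    }


def parse_segfault(line):
    m = DMESG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S %Y")
    ip, base = int(m["ip"], 16), int(m["base"], 16)
    return {
        "ts": ts,
        "pid": int(m["pid"]),
        "fault_addr": int(m["addr"], 16),   # tiny value => NULL + field offset
        "lib": m["lib"],
        "offset": ip - base,                # location inside the library, ASLR removed
        "error": decode_fault_error(int(m["err"])),
    }


def parse_kdc_line(line):
    m = KDC_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"]}


def correlate(dmesg_lines, kdc_lines, window=timedelta(seconds=5)):
    """Pair each crash with KDC records logged within `window` of it.
    Returns (matched, unmatched): matched is a list of (crash, kdc_record),
    unmatched the crashes with no nearby KDC record."""
    crashes = [c for c in map(parse_segfault, dmesg_lines) if c]
    events = [e for e in map(parse_kdc_line, kdc_lines) if e]
    matched, unmatched = [], []
    for c in crashes:
        near = [e for e in events if abs(e["ts"] - c["ts"]) <= window]
        if near:
            matched.extend((c, e) for e in near)
        else:
            unmatched.append(c)
    return matched, unmatched


def summarize(matched, unmatched):
    """Distinct source IPs, distinct crash offsets (one value means one bug),
    whether every correlated fault address looks like a NULL dereference."""
    offsets = {hex(c["offset"]) for c, _ in matched} | {hex(c["offset"]) for c in unmatched}
    return {
        "sources": sorted({e["src"] for _, e in matched}),
        "offsets": sorted(offsets),
        "null_deref": all(c["fault_addr"] < 0x1000 for c, _ in matched),
        "unmatched": len(unmatched),
    }


# Constructed sample input, taken from the records quoted in the report.
SAMPLE_DMESG = [
    "[Fr Jun 23 12:07:17 2017] kdc[14596]: segfault at 18 ip 7f65c02ef5d0 sp 7ffd1d7f7298 error 4 in libasn1.so.8.0.0[7f65c0268000+a7000]",
    "[Mo Sep 11 20:10:45 2017] kdc[16093]: segfault at 18 ip 7f8a096715d0 sp 7ffd48ba4b28 error 4 in libasn1.so.8.0.0[7f8a095ea000+a7000]",
    "[Di Sep 12 13:46:17 2017] kdc[24683]: segfault at 18 ip 7f8a096715d0 sp 7ffd48ba4b28 error 4 in libasn1.so.8.0.0[7f8a095ea000+a7000]",
]
SAMPLE_KDC = [
    "heimdal-kdc.log:2017-09-11T20:10:46 AS-REQ malformed client name from IPv4:80.82.77.139",
    "heimdal-kdc.log:2017-09-12T13:46:18 AS-REQ malformed client name from IPv4:185.100.87.246",
]

if __name__ == "__main__":
    matched, unmatched = correlate(SAMPLE_DMESG, SAMPLE_KDC)
    print(summarize(matched, unmatched))
```

Every record in the report yields the same library-relative offset, 0x875d0, and a fault address of 0x18, which is the combination the report's disassembly explains: `mov rdi,QWORD PTR [rdi]` executed with a NULL pointer in `rdi` plus a field offset. A crash that has no KDC record within the window (the June one in the sample) is reported separately rather than dropped, since log rotation or a different request path may have hidden its source.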
Bug#878144: marked as done (CVE-2017-17439: Remote unauthenticated DoS in Heimdal-KDC 7.1)

2017-12-09 Thread Debian Bug Tracking System
Your message dated Sat, 09 Dec 2017 12:02:38 +
with message-id 
and subject line Bug#878144: fixed in heimdal 7.1.0+dfsg-13+deb9u2
has caused the Debian Bug report #878144,
regarding CVE-2017-17439: Remote unauthenticated DoS in Heimdal-KDC 7.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
878144: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems