Read req failed: ASN.1
encoding ended unexpectedly
The loging fails, but I have the host credentials in my cache as shown
by klist. I have no idea how to solve this problem. What does the
error mean? Any pointers or docs would be greatly appreciated.
Thanks,
Jason C. Wells
compile, but fail for 'make test'. The
errors appear to be coming from 'tests/asn.1' contain some of the
content within the 2009-002-patch.txt patch. The tail end of the 'make
test' output is below.
Has anyone else had luck patching 1.5.4 or have any suggestions for
addressing
'. The errors
appear to be coming from 'tests/asn.1' contain some of the content
within the 2009-002-patch.txt patch. The tail end of the 'make test'
output is below.
Has anyone else had luck patching 1.5.4 or have any suggestions for
addressing this?
There was a bug in the test case due
I recently tried to update our MIT krb5-1.5.4 install with the patches for
the last two security advisories.
The 2009-001-patch.txt 2009-002-patch.txt patches apply cleanly against
the krb5-1.5.4 source compile, but fail for 'make test'. The errors
appear to be coming from 'tests/asn.1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2009-001
MIT krb5 Security Advisory 2009-001
Original release: 2009-04-07
Last update: 2009-04-07
Topic: multiple vulnerabilities in SPNEGO, ASN.1 decoder
[CVE-2009-0844]
SPNEGO implementation can read beyond buffer end
CVSSv2 Vector
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2009-002
MIT krb5 Security Advisory 2009-002
Original release: 2009-04-07
Last update: 2009-04-07
Topic: ASN.1 decoder frees uninitialized pointer
[CVE-2009-0846]
ASN.1 GeneralizedTime decoder can free uninitialized pointer
CVSSv2
09 16:38:43 krb01.security.lab.comcast.com krb5kdc[15758](info): AS_REQ
(12 etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 10.252.152.73:
LOOKING_UP_CLIENT: mrow...@krb.comcast.com for
krbtgt/krb.comcast@krb.comcast.com, unable to decode stored principal
key data (ASN.1 encoding ended unexpectedly
--On Monday, June 30, 2008 04:43:10 PM +0200
[EMAIL PROTECTED] wrote:
I would like to know if I can modify the ASN.1 files of kerberos.
As far as I know, you can modify anything you want in your copy of Kerberos.
However, the ASN.1 describes the Kerberos protocol, which is specified
Hi Kevin,
I found the problem, please help me in solving it. When decoding AS_REQ pa-data from the function asn1_decode_pa_pk_as_req_draft9( ..) in
file asn1_k_decode.c the macro get_implicit_octet_string(val-signedAuthPack.length, val-signedAuthPack.data, 0) is invoked.
which checks for
Hello,
I would like to know if I can modify the ASN.1 files of kerberos.
Thanks.
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
it to this
tool. (Details left to the reader.) It might point out ASN.1
problems.
K.C.
On Tue, Jun 17, 2008 at 6:25 AM, naveen.bn [EMAIL PROTECTED] wrote:
Hi all,
Can any one provide me the link which gives the expected values for the
ASN.1 identifier for PA_PK_AS_REQ
used in krb5-1.6.3
Hi Kevin,
I am facing problem with asn.1. The problem is that i am using an client
application which was
built with krb5-1.2.2 with added pkinit and it uses asn.1 of krb5-1.2.2. But
now that i am using the krb51.6.3
server,when i send AS_REQ i get preauth failed.
The krb5kdc.log file displays
Hi all,
Can any one provide me the link which gives the expected values for the ASN.1
identifier for PA_PK_AS_REQ
used in krb5-1.6.3 because i am getting ASN1_BAD_ID.
Thank you .
with regards
naveen
Kerberos mailing list Kerberos
to the reader.) It might point out ASN.1
problems.
K.C.
On Tue, Jun 17, 2008 at 6:25 AM, naveen.bn [EMAIL PROTECTED] wrote:
Hi all,
Can any one provide me the link which gives the expected values for the ASN.1
identifier for PA_PK_AS_REQ
used in krb5-1.6.3 because i am getting ASN1_BAD_ID
): ASN.1
encoding ended unexpectedly while getting initial credentials. I
have searched for this error but have not found any help on fixing it.
I am 99% sure it is not the Linux box.
Does anyone have any answers for the above error? Are there log files
on either machine that will help me
Hello,
I am trying to get a Kerberos ticket on a Red Hat Linux server from a
Windows 2003 Domain Controller.
When I type [EMAIL PROTECTED] it asks for a password, I enter the
correct password, and I receive this error: kinit(v5): ASN.1
encoding ended unexpectedly while getting initial credentials
-BEGIN PGP SIGNED MESSAGE-
MIT krb5 Security Advisory 2004-003
Original release: 2004-08-31
Topic: ASN.1 decoder denial of service
Severity: serious
SUMMARY
===
The ASN.1 decoder library in the MIT Kerberos 5 distribution is
vulnerable to a denial-of-service
/kerberos.c:ads_kinit_password(136)
kerberos_kinit_password [EMAIL PROTECTED] failed: ASN.1 failed
call to system time library
[EMAIL PROTECTED] root]# kinit [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]:
kinit(v5): ASN.1 failed call to system time library while getting initial
credentials
[EMAIL PROTECTED] root
---BeginMessage---
Microsoft ASN.1 Library Bit String Heap Corruption
Release Date:
February 10, 2004
Date Reported:
September 25, 2003
Severity:
High (Remote Code Execution)
Systems Affected:
Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
---BeginMessage---
Microsoft ASN.1 Library Bit String Heap Corruption
Release Date:
February 10, 2004
Date Reported:
September 25, 2003
Severity:
High (Remote Code Execution)
Systems Affected:
Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
---BeginMessage---
Microsoft ASN.1 Library Length Overflow Heap Corruption
Release Date:
February 10, 2004
Date Reported:
July 25, 2003
Severity:
High (Remote Code Execution)
Systems Affected:
Microsoft Windows NT 4.0 (all versions)
Microsoft Windows 2000 (SP3 and earlier)
Microsoft Windows
Microsoft Security Bulletin MS04-007:
ASN.1 Vulnerability Could Allow Code Execution (828028)
Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS04-007.asp
Summary:
Version Number: V1.0
Revision Date: 02-10-2004
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating
: ASN.1 failed call to system time library - while dispatching
krb5kdc: ASN.1 failed call to system time library - while dispatching
krb5kdc: ASN.1 failed call to system time library - while dispatching
krb5kdc: ASN.1 failed call to system time library - while dispatching
krb5kdc: Invalid
From somewhere in cyberspace, [EMAIL PROTECTED] (Jeffrey Hutzelman) said:
Are you by any chance running kinit --renewable? There is a known bug in
heimdal which will cause that invocation to issue an invalid request to the
KDC after 13:37:03 UTC this past Saturday, when UNIX time rolled over
(Yes, this was a couple of weeks ago).
Russ Allbery [EMAIL PROTECTED] writes:
We're seeing a regular trickle of these log messages from our KDCs. Is
this anything to worry about, or should we just ignore them?
krb5kdc[3531]: ASN.1 failed call to system time library - while dispatching
How
Hello,
I am using Kerberos 5 ASN.1 library for the purposes of ASN.1 DER
encoding/decoding. More specifically, I need to encode/decode ASN.1
primitive OBJECT IDENTIFIER but I can't seem to find methods in krb5 to do
that. Could you please let me know if such functionality exists in Kerberos
5
Vucenovic, Sasa [EMAIL PROTECTED] writes:
I am using Kerberos 5 ASN.1 library for the purposes of ASN.1 DER
encoding/decoding. More specifically, I need to encode/decode ASN.1
primitive OBJECT IDENTIFIER but I can't seem to find methods in krb5 to do
that. Could you please let me know
Ken == Ken Raeburn [EMAIL PROTECTED] writes:
Ken That said, if you just need to throw something together using
Ken the current MIT Kerberos code on a system where all the
Ken symbols are exported, you could look at asn1_encode_oid and
Ken asn1_decode_oid in lib/krb5/asn.1
Sam Hartman [EMAIL PROTECTED] writes:
These are only present in the as yet unreleased 1.3 codebase.
Yes, my mistake
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
29 matches
Mail list logo