Re: krb5.conf ' # ' in realms section can cause ssh to segv
daemon@ATHENA.MIT.EDU (Russ Allbery)
Wed Jul 13 17:32:16 2005
From: Russ Allbery <rra@stanford.edu>
Date: Wed, 13 Jul 2005 14:13:16 -0700
Message-ID: <87u0iy1kb7.fsf@windlord.stanford.edu>
To: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
Troy Benjegerdes <hozer@hozed.org> writes:
> While testing a new kerberos server, I commented out one of my existing
> servers with something like the following:
> [realms]
> EXAMPLE.COM = {
> #kdc = kerberos-1.example.com
> kdc = new-test-server.example.com
> admin_server = kerberos.example.com
> }
> Unfortunately, I seem to be unable to reproduce the problem exactly
> anymore.. When it was failing, I was getting the included backtrace.
> What tipped me off to /etc/krb5.conf was that was the last thing I saw
> in strace output.
> Is this a potential security issue? Granted, if you can edit krb5.conf,
> you can do a lot of other stuff.. but a segv is pretty bad behavior.
If you linked against the MIT Kerberos v5 libraries, whitespace before
comments will cause Kerberos initialization to fail. If that wasn't
checked for thoroughly, it could result in trying to use or free a NULL
pointer. (There's also another problem with MIT K5 right now where it
doesn't completely initialize an output_token buffer in the GSSAPI layer
in some particular circumstances.)
These are #1988 and #3086 in the MIT Kerberos RT.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
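A small check for the failure mode Russ describes, written as an added example for this thread rather than anything from the original post or from MIT Kerberos: it scans a krb5.conf-style file for comment markers preceded by whitespace (the condition that, per the thread, makes initialization fail and can leave a caller dereferencing NULL) and offers a fix that moves each marker to column 1. The sample config, host names and function names are constructed here.

```python
import re
from typing import List, Tuple

# Constructed sample in the shape of the config quoted in the thread, with the
# commented-out kdc line indented the way it usually is inside a realm block.
# Host names are hypothetical.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM

[realms]
    EXAMPLE.COM = {
        #kdc = kerberos-1.example.com
        kdc = new-test-server.example.com
        admin_server = kerberos.example.com
    }
"""

SECTION_RE = re.compile(r"^\[([^\]]+)\]\s*$")


def find_indented_comments(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, section, line) for each comment line whose '#' or
    ';' marker is preceded by whitespace. Per the thread, the MIT profile
    parser of that era does not treat such a line as a comment, so it is fed
    into the realm definition as data and initialization fails."""
    findings = []
    section = ""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        m = SECTION_RE.match(raw)
        if m:
            section = m.group(1)
            continue
        stripped = raw.lstrip(" \t")
        if stripped[:1] in ("#", ";") and stripped != raw:
            findings.append((lineno, section, raw))
    return findings


def fix_indented_comments(text: str) -> str:
    """Rewrite the config so every comment marker starts in column 1; all
    non-comment lines are kept byte-for-byte as they were."""
    out = []
    for raw in text.splitlines(keepends=True):
        stripped = raw.lstrip(" \t")
        out.append(stripped if stripped[:1] in ("#", ";") else raw)
    return "".join(out)


if __name__ == "__main__":
    for lineno, section, line in find_indented_comments(SAMPLE_KRB5_CONF):
        print(f"line {lineno} [{section}]: indented comment: {line.strip()}")
```

Run it against a real /etc/krb5.conf before rolling a change out; an empty result from find_indented_comments means the file has no comment lines that could trigger this failure.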
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos