Debian Bug report logs - #708267
cve-2002-2443: kpasswd udp ping-pong

version graph

Package: krb5-admin-server; Maintainer for krb5-admin-server is Sam Hartman <hartmans@debian.org>; Source for krb5-admin-server is src:krb5.

Reported by: Benjamin Kaduk <kaduk@MIT.EDU>

Date: Tue, 14 May 2013 16:39:01 UTC

Owned by: kaduk@mit.edu

Severity: serious

Tags: security

Found in versions krb5/1.10.1+dfsg-5, krb5/1.8.3+dfsg-4

Fixed in versions krb5/1.10.1+dfsg-6, krb5/1.8.3+dfsg-4squeeze7, krb5/1.11.3+dfsg-1, krb5/1.10.1+dfsg-5+deb7u1

Done: Michael Gilbert <mgilbert@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Tue, 14 May 2013 16:39:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Benjamin Kaduk <kaduk@MIT.EDU>:
New Bug report received and forwarded. Copy sent to Sam Hartman <hartmans@debian.org>, kaduk@mit.edu. (Tue, 14 May 2013 16:39:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Benjamin Kaduk <kaduk@MIT.EDU>
To: submit@bugs.debian.org
Subject: cve-2002-2443: kpasswd udp ping-pong
Date: Tue, 14 May 2013 12:35:19 -0400 (EDT)
Package: krb5-admin-server
Version: 1.10.1+dfsg-5
Owner: kaduk@mit.edu

Upstream has fixed CVE-2002-2443 in their git master, with the following 
commit message:

    Fix kpasswd UDP ping-pong [CVE-2002-2443]

    The kpasswd service provided by kadmind was vulnerable to a UDP
    "ping-pong" attack [CVE-2002-2443].  Don't respond to packets unless
    they pass some basic validation, and don't respond to our own error
    packets.

    Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
    attack or UDP ping-pong attacks in general, but there is discussion
    leading toward narrowing the definition of CVE-1999-0103 to the echo,
    chargen, or other similar built-in inetd services.

    Thanks to Vincent Danen for alerting us to this issue.

    CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C




Information forwarded to debian-bugs-dist@lists.debian.org, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Tue, 14 May 2013 20:27:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sam Hartman <hartmans@debian.org>:
Extra info received and forwarded to list. Copy sent to kaduk@mit.edu. (Tue, 14 May 2013 20:27:08 GMT) Full text and rfc822 format available.

Message #10 received at submit@bugs.debian.org (full text, mbox):

From: Sam Hartman <hartmans@debian.org>
To: Benjamin Kaduk <kaduk@MIT.EDU>
Cc: 708267@bugs.debian.org, submit@bugs.debian.org
Subject: Re: Bug#708267: cve-2002-2443: kpasswd udp ping-pong
Date: Tue, 14 May 2013 16:25:15 -0400
I assume this goes back to squeeze as well.

Shouldn't the severity be higher? This seems probably worth a DSA
because such ping-pong attacks can really be bad for a network/server.
Or am I missing mittigations?
I'd be happy to work on packages.



Information forwarded to debian-bugs-dist@lists.debian.org, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Tue, 14 May 2013 20:36:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sam Hartman <hartmans@debian.org>:
Extra info received and forwarded to list. Copy sent to kaduk@mit.edu. (Tue, 14 May 2013 20:36:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Tue, 14 May 2013 20:39:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tom Yu <tlyu@MIT.EDU>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>, kaduk@mit.edu. (Tue, 14 May 2013 20:39:04 GMT) Full text and rfc822 format available.

Message #20 received at submit@bugs.debian.org (full text, mbox):

From: Tom Yu <tlyu@MIT.EDU>
To: Sam Hartman <hartmans@debian.org>
Cc: 708267@bugs.debian.org, Benjamin Kaduk <kaduk@mit.edu>, submit@bugs.debian.org
Subject: Re: Bug#708267: cve-2002-2443: kpasswd udp ping-pong
Date: Tue, 14 May 2013 16:37:33 -0400
Sam Hartman <hartmans@debian.org> writes:

> I assume this goes back to squeeze as well.

The bug is as old as the file it's in.

> Shouldn't the severity be higher? This seems probably worth a DSA
> because such ping-pong attacks can really be bad for a network/server.
> Or am I missing mittigations?
> I'd be happy to work on packages.

Some limited testing indicates that when the packet storm is confined
to a single host, legitimate kpasswd and kadm5 requests can still get
through, and the CPU usage pegs at about 70%.  I haven't tested with
multiple hosts involved.

Mitigations include blocking specific source ports on inbound UDP
packets.



Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Tue, 14 May 2013 20:39:12 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tom Yu <tlyu@MIT.EDU>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>, kaduk@mit.edu. (Tue, 14 May 2013 20:39:12 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Wed, 15 May 2013 00:21:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sam Hartman <hartmans@debian.org>:
Extra info received and forwarded to list. Copy sent to kaduk@mit.edu. (Wed, 15 May 2013 00:21:07 GMT) Full text and rfc822 format available.

Message #30 received at 708267@bugs.debian.org (full text, mbox):

From: Sam Hartman <hartmans@debian.org>
To: Tom Yu <tlyu@MIT.EDU>
Cc: 708267@bugs.debian.org, Benjamin Kaduk <kaduk@mit.edu>, control@bugs.debian.org
Subject: Re: Bug#708267: cve-2002-2443: kpasswd udp ping-pong
Date: Tue, 14 May 2013 20:17:14 -0400
severity 708267 serious
tags 708267 security
found 708267 krb5-admin-server/1.8.3+dfsg-4
thanks


Yeah, sounds like an advisory to me.



Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Wed, 15 May 2013 00:27:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>, kaduk@mit.edu. (Wed, 15 May 2013 00:27:04 GMT) Full text and rfc822 format available.

Message #35 received at 708267@bugs.debian.org (full text, mbox):

From: Benjamin Kaduk <kaduk@MIT.EDU>
To: 708267@bugs.debian.org
Subject: Re: Bug#708267: cve-2002-2443: kpasswd udp ping-pong
Date: Tue, 14 May 2013 20:25:40 -0400 (EDT)
I have a patch staged in my local checkout of the packaging, but need to 
settle out some (apparent) multiarch issues on my jessie machine before I 
can install the resulting binaries for testing.

-Ben



Severity set to 'serious' from 'normal' Request was from Sam Hartman <hartmans@debian.org> to control@bugs.debian.org. (Wed, 15 May 2013 00:27:07 GMT) Full text and rfc822 format available.

Added tag(s) security. Request was from Sam Hartman <hartmans@debian.org> to control@bugs.debian.org. (Wed, 15 May 2013 00:27:08 GMT) Full text and rfc822 format available.

Marked as found in versions krb5-admin-server/1.8.3+dfsg-4. Request was from Sam Hartman <hartmans@debian.org> to control@bugs.debian.org. (Wed, 15 May 2013 00:27:09 GMT) Full text and rfc822 format available.

No longer marked as found in versions krb5-admin-server/1.8.3+dfsg-4. Request was from Sam Hartman <hartmans@debian.org> to control@bugs.debian.org. (Wed, 15 May 2013 01:06:04 GMT) Full text and rfc822 format available.

Marked as found in versions krb5/1.8.3+dfsg-4. Request was from Sam Hartman <hartmans@debian.org> to control@bugs.debian.org. (Wed, 15 May 2013 01:06:05 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Sam Hartman <hartmans@debian.org> to control@bugs.debian.org. (Wed, 15 May 2013 01:09:09 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Wed, 15 May 2013 01:45:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sam Hartman <hartmans@debian.org>:
Extra info received and forwarded to list. Copy sent to kaduk@mit.edu. (Wed, 15 May 2013 01:45:05 GMT) Full text and rfc822 format available.

Message #52 received at 708267@bugs.debian.org (full text, mbox):

From: Sam Hartman <hartmans@debian.org>
To: Benjamin Kaduk <kaduk@MIT.EDU>
Cc: 708267@bugs.debian.org
Subject: Re: Bug#708267: cve-2002-2443: kpasswd udp ping-pong
Date: Tue, 14 May 2013 21:29:01 -0400
>>>>> "Benjamin" == Benjamin Kaduk <kaduk@MIT.EDU> writes:

    Benjamin> I have a patch staged in my local checkout of the
    Benjamin> packaging, but need to settle out some (apparent)
    Benjamin> multiarch issues on my jessie machine before I can install
    Benjamin> the resulting binaries for testing.

Sorry, I missed this. and had already done an upload.



Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Wed, 15 May 2013 01:45:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>, kaduk@mit.edu. (Wed, 15 May 2013 01:45:08 GMT) Full text and rfc822 format available.

Message #57 received at 708267@bugs.debian.org (full text, mbox):

From: Benjamin Kaduk <kaduk@MIT.EDU>
To: hartmans@debian.org
Cc: 708267@bugs.debian.org
Subject: Re: Bug#708267: cve-2002-2443: kpasswd udp ping-pong
Date: Tue, 14 May 2013 21:31:09 -0400 (EDT)
On Tue, 14 May 2013, Sam Hartman wrote:

> Sorry, I missed this. and had already done an upload.

No worries, it is a trivial patch to apply.
Please push the packaging to alioth at your convenience.

-Ben



Reply sent to Sam Hartman <hartmans@debian.org>:
You have taken responsibility. (Wed, 15 May 2013 01:45:26 GMT) Full text and rfc822 format available.

Notification sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Bug acknowledged by developer. (Wed, 15 May 2013 01:45:26 GMT) Full text and rfc822 format available.

Message #62 received at 708267-close@bugs.debian.org (full text, mbox):

From: Sam Hartman <hartmans@debian.org>
To: 708267-close@bugs.debian.org
Subject: Bug#708267: fixed in krb5 1.10.1+dfsg-6
Date: Wed, 15 May 2013 01:32:51 +0000
Source: krb5
Source-Version: 1.10.1+dfsg-6

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 708267@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman <hartmans@debian.org> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 14 May 2013 20:57:06 -0400
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit8 libkadm5clnt-mit8 libk5crypto3 libkdb5-6 libkrb5support0 krb5-gss-samples krb5-locales
Architecture: source all amd64
Version: 1.10.1+dfsg-6
Distribution: unstable
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Sam Hartman <hartmans@debian.org>
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit8 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit8 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-6  - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 708267
Changes: 
 krb5 (1.10.1+dfsg-6) unstable; urgency=high
 .
   * Fix UDP ping-pong in kpasswd server [CVE-2002-2443], Closes: #708267
Checksums-Sha1: 
 eedbc5e4bf22db680eb02b9838567625dced10c3 2287 krb5_1.10.1+dfsg-6.dsc
 4bd76c9c044d6939b87035daed4de0a427a19e01 135963 krb5_1.10.1+dfsg-6.debian.tar.gz
 3b1bf40aed3a81e42f001fe87444dafe87043c9c 2668700 krb5-doc_1.10.1+dfsg-6_all.deb
 e27a6a42fc728d528fdb1f3d1c2189f2b71550e5 1502350 krb5-locales_1.10.1+dfsg-6_all.deb
 cdfcbe90d95577887940e41d90d40ac1de70fd6f 153660 krb5-user_1.10.1+dfsg-6_amd64.deb
 b4575b790dcc818d7a0ed9d3133bb9a0c789842b 224546 krb5-kdc_1.10.1+dfsg-6_amd64.deb
 df571352978cc9f32d28969ba02f6b104c8df9c4 120034 krb5-kdc-ldap_1.10.1+dfsg-6_amd64.deb
 0fbbcc0c4e1bc3fdc31ba5edcf03c90205fe4c3f 121788 krb5-admin-server_1.10.1+dfsg-6_amd64.deb
 ee8d1c125d5cab680c0b52258217aaa9cf8b5365 153476 krb5-multidev_1.10.1+dfsg-6_amd64.deb
 1d1d8f848c8207ac3aa5b47154297ce358a9e062 39810 libkrb5-dev_1.10.1+dfsg-6_amd64.deb
 b17d565f4375d501e8b64f92408475c744a3e2a6 2203638 libkrb5-dbg_1.10.1+dfsg-6_amd64.deb
 632f23315aed4934a737444623be1088b07cfcc6 82108 krb5-pkinit_1.10.1+dfsg-6_amd64.deb
 b280f0526056bc045ae94a39b5e237bd99e9814e 393890 libkrb5-3_1.10.1+dfsg-6_amd64.deb
 dc75504745b329784d187cf3794bc198a01edb82 147966 libgssapi-krb5-2_1.10.1+dfsg-6_amd64.deb
 78e3ad78904e9a850ce279dde7c7a62fa8cd0035 87732 libgssrpc4_1.10.1+dfsg-6_amd64.deb
 8b3a4d6a8c7911e52c2bd6a371835fb6610dd403 84880 libkadm5srv-mit8_1.10.1+dfsg-6_amd64.deb
 3523589d0e0dd941de29bf076ed197e420a6aa66 67912 libkadm5clnt-mit8_1.10.1+dfsg-6_amd64.deb
 d31202171fdce45dd4245a8a8b6da9e41c08f797 112266 libk5crypto3_1.10.1+dfsg-6_amd64.deb
 867651e1c16f3e821551c3d8d695137eb83bde0f 66810 libkdb5-6_1.10.1+dfsg-6_amd64.deb
 5b2f20c424081ae7224c403de01339f04fb3d2e7 49536 libkrb5support0_1.10.1+dfsg-6_amd64.deb
 5c168a7a53d121690ef3feb867ed11dc8d4d128f 51822 krb5-gss-samples_1.10.1+dfsg-6_amd64.deb
Checksums-Sha256: 
 e21832327bba2ec61a45746467893e9745d67c4893982d383d472f6755e85793 2287 krb5_1.10.1+dfsg-6.dsc
 2366e95eec6441cb89fce6b5d4e287ebe9ec78969b65682186a3ba4c3753ecac 135963 krb5_1.10.1+dfsg-6.debian.tar.gz
 79c669491a713964b8b6efb5cd335a05db4d5b234705099417d70210d0214d7b 2668700 krb5-doc_1.10.1+dfsg-6_all.deb
 41bcb71cd87b6f56d30afbbeac86e80fc8b00d3ab1f676a29a6d8e5770c95142 1502350 krb5-locales_1.10.1+dfsg-6_all.deb
 a9aaf01dbd8ba156626955d3d975f596b125f73e4e5f406762f2205d6cf97357 153660 krb5-user_1.10.1+dfsg-6_amd64.deb
 736c58802f9f769d6c0452de6f12bb55e2fe07724b0a33638670419d51da96a8 224546 krb5-kdc_1.10.1+dfsg-6_amd64.deb
 4c95bd7ea5ed2fb560062b57391b33586ea405b5da58e7aef9b737fd2c3aa064 120034 krb5-kdc-ldap_1.10.1+dfsg-6_amd64.deb
 1cfd563205d65097447572009159c3525abd471ce033f8ca4ca92a811b92cd63 121788 krb5-admin-server_1.10.1+dfsg-6_amd64.deb
 900a09a4f3772a5ca3d79ac8ae3392099f60cb3dc0ca2d6459209861fc49f64e 153476 krb5-multidev_1.10.1+dfsg-6_amd64.deb
 2e4243fe9ba97f0a7453a79f4ef11712d5324cf594138057eb04c48ebd534f63 39810 libkrb5-dev_1.10.1+dfsg-6_amd64.deb
 d6cafad7454ffb2fab367db9977a5b453e1adf0551ebda50682ea721b03861a5 2203638 libkrb5-dbg_1.10.1+dfsg-6_amd64.deb
 a7d52de9c361abec1057bcb5530c8a11b77fbecedb17a378fe9da4713c49fea0 82108 krb5-pkinit_1.10.1+dfsg-6_amd64.deb
 0386b2a9a3f5046f22df995c88517c413dea9ef791b71d664773199de0a12fc4 393890 libkrb5-3_1.10.1+dfsg-6_amd64.deb
 244cc694f5a74f697deb860adf8faf97b00bac9b1a70c386c46a6c6004eb94ad 147966 libgssapi-krb5-2_1.10.1+dfsg-6_amd64.deb
 8df051325bcaa636544b6ac65ca29e72413c0baa16757502e91de55ed5661468 87732 libgssrpc4_1.10.1+dfsg-6_amd64.deb
 1526013385f4d551a2040cf1ac36d9005d044780b4eb7a24269451650181af50 84880 libkadm5srv-mit8_1.10.1+dfsg-6_amd64.deb
 3ac75ac957c21ac1c2a9682d3486fd6caa513e20ae59ddaed2a1c6c8a9abaeb3 67912 libkadm5clnt-mit8_1.10.1+dfsg-6_amd64.deb
 5d52ab1b1cf76be15a2aafd45a596f47407954c80762c76584dcb6ad9119c413 112266 libk5crypto3_1.10.1+dfsg-6_amd64.deb
 130c178bcebd9aa35dfc2c6ae7b2c7ab9328d3dec5dd60faa6f2af2466d49eac 66810 libkdb5-6_1.10.1+dfsg-6_amd64.deb
 8d388a99b640e348395070fda81c805a3574fd7eae868305adb08033d5bdf974 49536 libkrb5support0_1.10.1+dfsg-6_amd64.deb
 2b3ab3d8c8fb6f08c6c2e077c1956497596cc8ce9ffa9ba18b0b49df6f163c4a 51822 krb5-gss-samples_1.10.1+dfsg-6_amd64.deb
Files: 
 bcebac059e9cd12e5c3b54c7c34f414d 2287 net standard krb5_1.10.1+dfsg-6.dsc
 a695891f41f4a5d8e00531566f706144 135963 net standard krb5_1.10.1+dfsg-6.debian.tar.gz
 5525b136e7508dfa0ddd95c1816485ac 2668700 doc optional krb5-doc_1.10.1+dfsg-6_all.deb
 1d1102231b7fb5e45b55ea9856c1fce1 1502350 localization standard krb5-locales_1.10.1+dfsg-6_all.deb
 82966245a5d7f9544bed6931e13a43e2 153660 net optional krb5-user_1.10.1+dfsg-6_amd64.deb
 e26997477ec70c386e32bbf223f38d6c 224546 net optional krb5-kdc_1.10.1+dfsg-6_amd64.deb
 7cf6b04a84a416a05dad56d8e8015d42 120034 net extra krb5-kdc-ldap_1.10.1+dfsg-6_amd64.deb
 4c243dc5e1feada08bc2cd170a4aec45 121788 net optional krb5-admin-server_1.10.1+dfsg-6_amd64.deb
 3d74699d883bc18c175d7d91771c146a 153476 libdevel optional krb5-multidev_1.10.1+dfsg-6_amd64.deb
 3fd7436516a038eed4bba80f99ae8c50 39810 libdevel extra libkrb5-dev_1.10.1+dfsg-6_amd64.deb
 cb0b6f6f774626046833b8fa0b523a25 2203638 debug extra libkrb5-dbg_1.10.1+dfsg-6_amd64.deb
 0177fbdd5507961f509d0e2e438bc6c8 82108 net extra krb5-pkinit_1.10.1+dfsg-6_amd64.deb
 85478b6655fce98af5f962a395e1a9fd 393890 libs standard libkrb5-3_1.10.1+dfsg-6_amd64.deb
 38dc12e26863194b8adfbd6b7f0e01c5 147966 libs standard libgssapi-krb5-2_1.10.1+dfsg-6_amd64.deb
 cf2ca79135ea3bf0ea3955e7ed3f0465 87732 libs standard libgssrpc4_1.10.1+dfsg-6_amd64.deb
 2381add7770dc8a527fc623d6376a250 84880 libs standard libkadm5srv-mit8_1.10.1+dfsg-6_amd64.deb
 df3b7c595648fdd85e485e5887716008 67912 libs standard libkadm5clnt-mit8_1.10.1+dfsg-6_amd64.deb
 0b459294b8392aeae6474240dec46511 112266 libs standard libk5crypto3_1.10.1+dfsg-6_amd64.deb
 0f8688ea0be7bd01d4e2a77742a49859 66810 libs standard libkdb5-6_1.10.1+dfsg-6_amd64.deb
 29385b08ca06bfd6df6f550656695bce 49536 libs standard libkrb5support0_1.10.1+dfsg-6_amd64.deb
 ac5c7be2e4643b13d4f1c084fb5e1f21 51822 net extra krb5-gss-samples_1.10.1+dfsg-6_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAlGS4LQACgkQ/I12czyGJg/gIwCfVnVufcirzqb2vuVc0m/1CEMR
5VEAn0RPgxQ36j41+H22tMiCJ/JuZ9Cp
=AueI
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Mon, 20 May 2013 20:18:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>, kaduk@mit.edu. (Mon, 20 May 2013 20:18:04 GMT) Full text and rfc822 format available.

Message #67 received at submit@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Tom Yu <tlyu@MIT.EDU>
Cc: 708267@bugs.debian.org, Sam Hartman <hartmans@debian.org>, Benjamin Kaduk <kaduk@mit.edu>, submit@bugs.debian.org
Subject: Re: Bug#708267: cve-2002-2443: kpasswd udp ping-pong
Date: Mon, 20 May 2013 22:14:56 +0200
* Tom Yu:

> Some limited testing indicates that when the packet storm is confined
> to a single host, legitimate kpasswd and kadm5 requests can still get
> through, and the CPU usage pegs at about 70%.  I haven't tested with
> multiple hosts involved.

Out of curiosity, how many spoofed packets have you injected?



Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Mon, 20 May 2013 20:27:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tom Yu <tlyu@MIT.EDU>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>, kaduk@mit.edu. (Mon, 20 May 2013 20:27:09 GMT) Full text and rfc822 format available.

Message #72 received at 708267@bugs.debian.org (full text, mbox):

From: Tom Yu <tlyu@MIT.EDU>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: 708267@bugs.debian.org, Sam Hartman <hartmans@debian.org>, Benjamin Kaduk <kaduk@mit.edu>
Subject: Re: Bug#708267: cve-2002-2443: kpasswd udp ping-pong
Date: Mon, 20 May 2013 16:22:23 -0400
Florian Weimer <fw@deneb.enyo.de> writes:

> * Tom Yu:
>
>> Some limited testing indicates that when the packet storm is confined
>> to a single host, legitimate kpasswd and kadm5 requests can still get
>> through, and the CPU usage pegs at about 70%.  I haven't tested with
>> multiple hosts involved.
>
> Out of curiosity, how many spoofed packets have you injected?

I only did some proof of concept testing with a single spoofed packet.



Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Mon, 20 May 2013 20:27:12 GMT) Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>, kaduk@mit.edu. (Mon, 20 May 2013 20:27:12 GMT) Full text and rfc822 format available.

Message #77 received at 708267@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Tom Yu <tlyu@MIT.EDU>
Cc: 708267@bugs.debian.org, Sam Hartman <hartmans@debian.org>, Benjamin Kaduk <kaduk@mit.edu>
Subject: Re: Bug#708267: cve-2002-2443: kpasswd udp ping-pong
Date: Mon, 20 May 2013 22:25:27 +0200
* Tom Yu:

> Florian Weimer <fw@deneb.enyo.de> writes:
>
>> * Tom Yu:
>>
>>> Some limited testing indicates that when the packet storm is confined
>>> to a single host, legitimate kpasswd and kadm5 requests can still get
>>> through, and the CPU usage pegs at about 70%.  I haven't tested with
>>> multiple hosts involved.
>>
>> Out of curiosity, how many spoofed packets have you injected?
>
> I only did some proof of concept testing with a single spoofed packet.

Okay, that explains the limited impact. 8-)



Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Mon, 20 May 2013 20:48:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>, kaduk@mit.edu. (Mon, 20 May 2013 20:48:04 GMT) Full text and rfc822 format available.

Message #82 received at 708267@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Sam Hartman <hartmans@debian.org>
Cc: 708267@bugs.debian.org, Benjamin Kaduk <kaduk@MIT.EDU>
Subject: Re: Bug#708267: cve-2002-2443: kpasswd udp ping-pong
Date: Mon, 20 May 2013 22:12:56 +0200
* Sam Hartman:

> I assume this goes back to squeeze as well.
>
> Shouldn't the severity be higher? This seems probably worth a DSA
> because such ping-pong attacks can really be bad for a network/server.
> Or am I missing mittigations?

Yes, packet loops can be annoying.  I think we should issue a DSA for
this.

> I'd be happy to work on packages.

Thanks!



Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Mon, 20 May 2013 20:48:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>, kaduk@mit.edu. (Mon, 20 May 2013 20:48:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Tue, 21 May 2013 01:51:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sam Hartman <hartmans@debian.org>:
Extra info received and forwarded to list. Copy sent to kaduk@mit.edu. (Tue, 21 May 2013 01:51:04 GMT) Full text and rfc822 format available.

Message #92 received at 708267@bugs.debian.org (full text, mbox):

From: Sam Hartman <hartmans@debian.org>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: 708267@bugs.debian.org, Benjamin Kaduk <kaduk@mit.edu>
Subject: Re: Bug#708267: cve-2002-2443: kpasswd udp ping-pong
Date: Mon, 20 May 2013 21:49:50 -0400
>>>>> "Florian" == Florian Weimer <fw@deneb.enyo.de> writes:


    Florian> Yes, packet loops can be annoying.  I think we should issue
    Florian> a DSA for this.

OK, do you want me to prepare patches and builds for squeeze and wheezy?



Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Tue, 21 May 2013 04:45:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>, kaduk@mit.edu. (Tue, 21 May 2013 04:45:13 GMT) Full text and rfc822 format available.

Message #97 received at 708267@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Sam Hartman <hartmans@debian.org>
Cc: 708267@bugs.debian.org, Benjamin Kaduk <kaduk@mit.edu>
Subject: Re: Bug#708267: cve-2002-2443: kpasswd udp ping-pong
Date: Tue, 21 May 2013 06:38:40 +0200
* Sam Hartman:

>>>>>> "Florian" == Florian Weimer <fw@deneb.enyo.de> writes:
>
>
>     Florian> Yes, packet loops can be annoying.  I think we should issue
>     Florian> a DSA for this.
>
> OK, do you want me to prepare patches and builds for squeeze and wheezy?

Yes, that would be ideal.



Information forwarded to debian-bugs-dist@lists.debian.org, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Tue, 21 May 2013 09:33:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sam Hartman <hartmans@debian.org>:
Extra info received and forwarded to list. Copy sent to kaduk@mit.edu. (Tue, 21 May 2013 09:33:08 GMT) Full text and rfc822 format available.

Message #102 received at 708267@bugs.debian.org (full text, mbox):

From: Sam Hartman <hartmans@debian.org>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: 708267@bugs.debian.org, Benjamin Kaduk <kaduk@mit.edu>
Subject: Re: Bug#708267: cve-2002-2443: kpasswd udp ping-pong
Date: Tue, 21 May 2013 05:29:55 -0400
I'll try to get it done by tomorrow morning east coast time.
If it doesn't happen by then it will be a while and it would be great if
someone else would step forward.



Information forwarded to debian-bugs-dist@lists.debian.org, kaduk@mit.edu:
Bug#708267; Package krb5-admin-server. (Wed, 22 May 2013 12:27:11 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sam Hartman <hartmans@debian.org>:
Extra info received and forwarded to list. Copy sent to kaduk@mit.edu. (Wed, 22 May 2013 12:27:11 GMT) Full text and rfc822 format available.

Message #107 received at 708267@bugs.debian.org (full text, mbox):

From: Sam Hartman <hartmans@debian.org>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: 708267@bugs.debian.org, Benjamin Kaduk <kaduk@mit.edu>
Subject: Re: Bug#708267: cve-2002-2443: kpasswd udp ping-pong
Date: Wed, 22 May 2013 08:26:06 -0400
so, i'll be uploading to oldstable-security shortly.
i have tested those patches.

i have a package ready to build at the wheezy branch of the debian krb5
git (debcheckout krb5)

I have not built that. I apparently don't have a wheezy environment and
am not going to have chance to set up chroot this morning.
Hopefully someone else can take those sources and build them on their
way to stable-security.

sid and testing will be blocked by the texinfo stupidity.  
I think the right way to get rid of that is to move to krb5 1.11.2,
which doesn't use texinfo for documentation.

--Sam



Reply sent to Sam Hartman <hartmans@debian.org>:
You have taken responsibility. (Wed, 05 Jun 2013 22:48:26 GMT) Full text and rfc822 format available.

Notification sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Bug acknowledged by developer. (Wed, 05 Jun 2013 22:48:26 GMT) Full text and rfc822 format available.

Message #112 received at 708267-close@bugs.debian.org (full text, mbox):

From: Sam Hartman <hartmans@debian.org>
To: 708267-close@bugs.debian.org
Subject: Bug#708267: fixed in krb5 1.8.3+dfsg-4squeeze7
Date: Wed, 05 Jun 2013 22:47:33 +0000
Source: krb5
Source-Version: 1.8.3+dfsg-4squeeze7

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 708267@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman <hartmans@debian.org> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 22 May 2013 07:33:24 -0400
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit7 libkadm5clnt-mit7 libk5crypto3 libkdb5-4 libkrb5support0 libkrb53
Architecture: source all amd64
Version: 1.8.3+dfsg-4squeeze7
Distribution: oldstable-security
Urgency: medium
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Sam Hartman <hartmans@debian.org>
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit7 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit7 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-4  - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb53   - transitional package for MIT Kerberos libraries
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 708267
Changes: 
 krb5 (1.8.3+dfsg-4squeeze7) oldstable-security; urgency=medium
 .
   * Fix "cve-2002-2443: kpasswd udp ping-pong"  (Closes: #708267)
Checksums-Sha1: 
 9cc65c8e59a4068a8c3612dd11a0103dd34b14d6 1610 krb5_1.8.3+dfsg-4squeeze7.dsc
 7197516c3a0e368fedcc737c84bec7977b911ed6 107176 krb5_1.8.3+dfsg-4squeeze7.diff.gz
 6ac247cd0f720a9e5f7b899285fa3e520c7aef21 2255534 krb5-doc_1.8.3+dfsg-4squeeze7_all.deb
 d4e444aab5d0cca3c7e1461e24ee279b7aa0cf97 1373874 libkrb53_1.8.3+dfsg-4squeeze7_all.deb
 a468eb9e08a94f2bd15e0d5cc450913d1bf2f241 138772 krb5-user_1.8.3+dfsg-4squeeze7_amd64.deb
 acef20cb3b4d3b0bf79a38254cb5927b5089e48b 219170 krb5-kdc_1.8.3+dfsg-4squeeze7_amd64.deb
 50f5adab627a22aa6da23d272a36e6ada0c1f14d 118198 krb5-kdc-ldap_1.8.3+dfsg-4squeeze7_amd64.deb
 c73e645550e1fb2e7be7e853ea79b2d536c5ff10 114290 krb5-admin-server_1.8.3+dfsg-4squeeze7_amd64.deb
 9cc05d2be1e47735c6538855e79c7a15c4eca547 104400 krb5-multidev_1.8.3+dfsg-4squeeze7_amd64.deb
 4ac1f237e2a8ab64a5f612e236c297a4ce9c2037 37710 libkrb5-dev_1.8.3+dfsg-4squeeze7_amd64.deb
 7cdd6450841ef0433440cc96a8ad6c17734dbec1 1628328 libkrb5-dbg_1.8.3+dfsg-4squeeze7_amd64.deb
 7db5733a65f53c7ba7e441227cc91a41977a5122 78126 krb5-pkinit_1.8.3+dfsg-4squeeze7_amd64.deb
 3ce9991506e2f5756b293abbfcce1421ec03ded7 373650 libkrb5-3_1.8.3+dfsg-4squeeze7_amd64.deb
 86410d02b35500bdea47ece6c2de1d39ace26b96 130530 libgssapi-krb5-2_1.8.3+dfsg-4squeeze7_amd64.deb
 4504a0061e2dc0403b5fb222be25cbd713763ba8 84022 libgssrpc4_1.8.3+dfsg-4squeeze7_amd64.deb
 bb43fd31b1cee86989653ee487b9730008102c9d 78742 libkadm5srv-mit7_1.8.3+dfsg-4squeeze7_amd64.deb
 1baabab8c25a2524fdeae5b66ee7e64e30762f3e 64386 libkadm5clnt-mit7_1.8.3+dfsg-4squeeze7_amd64.deb
 eb0dd925e7c302cf20d8f996ee1d365b05c7a730 106066 libk5crypto3_1.8.3+dfsg-4squeeze7_amd64.deb
 374c054aba3149cdf45aa5d308ea14b97c4cbbb9 63808 libkdb5-4_1.8.3+dfsg-4squeeze7_amd64.deb
 3a5f475d8dfc9f480a4e888752e6105fc09fc84c 46454 libkrb5support0_1.8.3+dfsg-4squeeze7_amd64.deb
Checksums-Sha256: 
 04f584260d734346bd868f31f7826480d1187f6ba69ba9a72f9ae2fd47316f3a 1610 krb5_1.8.3+dfsg-4squeeze7.dsc
 1e464c6dd6ee4cf4a139f1bbb0e37e1a0178793125df36c38c6302382596af27 107176 krb5_1.8.3+dfsg-4squeeze7.diff.gz
 ba70be277879a021dae7be52150b95e5688b8ee1c65c8d6aeefbeaf0932ab162 2255534 krb5-doc_1.8.3+dfsg-4squeeze7_all.deb
 74c2b9ae4df07d2881e5f687e4c1973fc5aaeff219b3b0a4dbd885672be0581e 1373874 libkrb53_1.8.3+dfsg-4squeeze7_all.deb
 4628dab7f1e359abe50ddf8b00964ead05017c209706a469a031c4c7c21638a4 138772 krb5-user_1.8.3+dfsg-4squeeze7_amd64.deb
 b3a64fd7004c8d28b60b32af8848432d35eddb9cff8946870020d90834b44ded 219170 krb5-kdc_1.8.3+dfsg-4squeeze7_amd64.deb
 0921ae67c6ef14ef12aafbef49e55c14803a083404ae38df109e38e42fd301ca 118198 krb5-kdc-ldap_1.8.3+dfsg-4squeeze7_amd64.deb
 2daaf38df78979ea5d9d4410884be0aae7e1aaf87d88e5716010ee097e3c3e39 114290 krb5-admin-server_1.8.3+dfsg-4squeeze7_amd64.deb
 e0fffd7f523b2005c770757f898ec0f4a025aa07e82d6025caf72747e89e4d0b 104400 krb5-multidev_1.8.3+dfsg-4squeeze7_amd64.deb
 f189ed4881830c95dbf9ccda651ff104db4b453e6a035a1787212f5084522b02 37710 libkrb5-dev_1.8.3+dfsg-4squeeze7_amd64.deb
 4d6ec4f05fdc0ebf63e67706c82548cebf2a5978edf1169a210f31a9f93b1e97 1628328 libkrb5-dbg_1.8.3+dfsg-4squeeze7_amd64.deb
 618c816a237b0d8b654331c3aca1cffe5baabaa82f1f7c131159eb3efaaf6046 78126 krb5-pkinit_1.8.3+dfsg-4squeeze7_amd64.deb
 40edefdc8a5acc971d478aef25f41496ea85434d0e280f09f6bf56c371675e34 373650 libkrb5-3_1.8.3+dfsg-4squeeze7_amd64.deb
 5c4586b4481f378b87da66e2e5b709ea099115ca694c6c4a0a2bd8d9e5aaacef 130530 libgssapi-krb5-2_1.8.3+dfsg-4squeeze7_amd64.deb
 e3afd4edec498c8b59ac3e7b58f1e65a9bbd550a8ba700bfe424129325eaea09 84022 libgssrpc4_1.8.3+dfsg-4squeeze7_amd64.deb
 f6ae2bdb9ba3efccf743c2ebf90c21e78e00e20e4298177ced68ab5295d5910e 78742 libkadm5srv-mit7_1.8.3+dfsg-4squeeze7_amd64.deb
 8fd96cd5cb3caa990c640b8a489d5c7025bd530ea4f4fea0670a5b80f43820ff 64386 libkadm5clnt-mit7_1.8.3+dfsg-4squeeze7_amd64.deb
 7c685923268e7cdc1724d8946c39e6ed9c54e0feec9d27c787a669f407876274 106066 libk5crypto3_1.8.3+dfsg-4squeeze7_amd64.deb
 c1879609673ee4b102c2d70384c791c4becc85ebbb94692466cf3f58bfe69cbe 63808 libkdb5-4_1.8.3+dfsg-4squeeze7_amd64.deb
 02f8802f524cd5210e1df58d37480f719e83a0d15076a78b4e50643c955d3645 46454 libkrb5support0_1.8.3+dfsg-4squeeze7_amd64.deb
Files: 
 894c4bbe565183835ed54bfae7b386cc 1610 net standard krb5_1.8.3+dfsg-4squeeze7.dsc
 942cd6cdcb46e9d10f408b9baf973f77 107176 net standard krb5_1.8.3+dfsg-4squeeze7.diff.gz
 f2f32d1572ec63dd7bd0c4a3520e9118 2255534 doc optional krb5-doc_1.8.3+dfsg-4squeeze7_all.deb
 f305d359fc13d378733932a1190fef98 1373874 oldlibs extra libkrb53_1.8.3+dfsg-4squeeze7_all.deb
 5d2493357bbba7c052f1a4817d11e345 138772 net optional krb5-user_1.8.3+dfsg-4squeeze7_amd64.deb
 c146d6ff4c0b0149b70a69b639ad6f83 219170 net optional krb5-kdc_1.8.3+dfsg-4squeeze7_amd64.deb
 9cd1daf368b6d2a91545869c9789247b 118198 net extra krb5-kdc-ldap_1.8.3+dfsg-4squeeze7_amd64.deb
 3d16357af7e4e1b8ba84bbce4d43ca93 114290 net optional krb5-admin-server_1.8.3+dfsg-4squeeze7_amd64.deb
 8625cc3cebd71928c994ede308cf675e 104400 libdevel optional krb5-multidev_1.8.3+dfsg-4squeeze7_amd64.deb
 39c1130fa7641bd55dd8d1494f5fa002 37710 libdevel extra libkrb5-dev_1.8.3+dfsg-4squeeze7_amd64.deb
 88c91077fd0af7d5758f1eb16cb82fce 1628328 debug extra libkrb5-dbg_1.8.3+dfsg-4squeeze7_amd64.deb
 918820c24b883ae290c9b02f0580e121 78126 net extra krb5-pkinit_1.8.3+dfsg-4squeeze7_amd64.deb
 28dc465d0ec532d41b6cea3b1737f20e 373650 libs standard libkrb5-3_1.8.3+dfsg-4squeeze7_amd64.deb
 fd528cb051563a08687a4faf9d523b50 130530 libs standard libgssapi-krb5-2_1.8.3+dfsg-4squeeze7_amd64.deb
 909caf1d518bba4d932a961de89dab6a 84022 libs standard libgssrpc4_1.8.3+dfsg-4squeeze7_amd64.deb
 09e9adf10cfa223ad82e22f3461556e7 78742 libs standard libkadm5srv-mit7_1.8.3+dfsg-4squeeze7_amd64.deb
 09ff2331976a49120d5bb31b0f9330c0 64386 libs standard libkadm5clnt-mit7_1.8.3+dfsg-4squeeze7_amd64.deb
 c3f53d11efd7695de7c9bc0d73ef7e22 106066 libs standard libk5crypto3_1.8.3+dfsg-4squeeze7_amd64.deb
 2fb83ebd5d477f082278820f74e18f52 63808 libs standard libkdb5-4_1.8.3+dfsg-4squeeze7_amd64.deb
 2449f350cfd7b36c63fb1ef37702cf11 46454 libs standard libkrb5support0_1.8.3+dfsg-4squeeze7_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAlGcuhoACgkQ/I12czyGJg9ELgCgzWMX8jjwm07GZDGdYuan/g8r
+kEAnAhHGnbAhCSzL2kIlpFx0+GEzk5Y
=+aUP
-----END PGP SIGNATURE-----




Marked as found in versions krb5/1.11.3+dfsg-1 and reopened. Request was from Sam Hartman <hartmans@debian.org> to control@bugs.debian.org. (Sat, 08 Jun 2013 01:36:51 GMT) Full text and rfc822 format available.

Reply sent to Sam Hartman <hartmans@debian.org>:
You have taken responsibility. (Mon, 10 Jun 2013 13:51:11 GMT) Full text and rfc822 format available.

Notification sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Bug acknowledged by developer. (Mon, 10 Jun 2013 13:51:11 GMT) Full text and rfc822 format available.

Message #119 received at 708267-done@bugs.debian.org (full text, mbox):

From: Sam Hartman <hartmans@debian.org>
To: 708267-done@bugs.debian.org
Subject: UDP ping-pong fixed in 1.11.3
Date: Mon, 10 Jun 2013 09:47:45 -0400
source: krb5
source-version: 1.11.3+dfsg-1

But the bug number didn't make it into the changelog.



Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Sat, 13 Jul 2013 14:09:30 GMT) Full text and rfc822 format available.

Notification sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Bug acknowledged by developer. (Sat, 13 Jul 2013 14:09:30 GMT) Full text and rfc822 format available.

Message #124 received at 708267-close@bugs.debian.org (full text, mbox):

From: Michael Gilbert <mgilbert@debian.org>
To: 708267-close@bugs.debian.org
Subject: Bug#708267: fixed in krb5 1.10.1+dfsg-5+deb7u1
Date: Sat, 13 Jul 2013 14:06:02 +0000
Source: krb5
Source-Version: 1.10.1+dfsg-5+deb7u1

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 708267@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 30 May 2013 01:03:26 +0000
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit8 libkadm5clnt-mit8 libk5crypto3 libkdb5-6 libkrb5support0 krb5-gss-samples krb5-locales
Architecture: source all amd64
Version: 1.10.1+dfsg-5+deb7u1
Distribution: stable-security
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit8 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit8 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-6  - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 708267
Changes: 
 krb5 (1.10.1+dfsg-5+deb7u1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix cve-2002-2443: denial-of-service issue due to improper UDP packet
     validation (closes: #708267).
Checksums-Sha1: 
 9c21119e529b81832f79618f7866c4d1cde8818e 3649 krb5_1.10.1+dfsg-5+deb7u1.dsc
 dd4efcb604aec3f7faca0cb97e9dbd1f456c710e 10638231 krb5_1.10.1+dfsg.orig.tar.gz
 27753e59ec70da30e90984406f40b7d21e483fe0 132477 krb5_1.10.1+dfsg-5+deb7u1.debian.tar.gz
 b45a1ef5e9de52cd6528c27f9d42961ee1e754f8 2665144 krb5-doc_1.10.1+dfsg-5+deb7u1_all.deb
 9bbe440b60a0a6d4aead8dbda56b79e734a75137 1503134 krb5-locales_1.10.1+dfsg-5+deb7u1_all.deb
 db28babe15a2c01b37448a2a4dec00c858f0ed0c 153580 krb5-user_1.10.1+dfsg-5+deb7u1_amd64.deb
 9996356b7ea2775ce1cc58817a80261097254cb3 226048 krb5-kdc_1.10.1+dfsg-5+deb7u1_amd64.deb
 65322e1154fe582fa70780b6b7e36dd08a4fde63 121210 krb5-kdc-ldap_1.10.1+dfsg-5+deb7u1_amd64.deb
 559a0cb6772b58fa52d4969098b9da1187b45e79 122982 krb5-admin-server_1.10.1+dfsg-5+deb7u1_amd64.deb
 cd7a33324dc6fd82a9487ae03118f6ee7d02d9d4 153564 krb5-multidev_1.10.1+dfsg-5+deb7u1_amd64.deb
 6360e0eb95db8295b27102df3b185e08279d8faa 39152 libkrb5-dev_1.10.1+dfsg-5+deb7u1_amd64.deb
 722a109f5b58ba920387e03c241063988e15cd83 2203656 libkrb5-dbg_1.10.1+dfsg-5+deb7u1_amd64.deb
 fb8ff9096975095619b508f67848c90235e2afdf 82142 krb5-pkinit_1.10.1+dfsg-5+deb7u1_amd64.deb
 73b30d6bca3f7cfe956a86bfa99635f09c6dcf7f 393950 libkrb5-3_1.10.1+dfsg-5+deb7u1_amd64.deb
 feaf265dfdf8a758a1a5c8b4231031e795c181ef 147566 libgssapi-krb5-2_1.10.1+dfsg-5+deb7u1_amd64.deb
 d824705f42c57bd8e7e8995c0b4528291338e77f 87518 libgssrpc4_1.10.1+dfsg-5+deb7u1_amd64.deb
 f3b4df2da336c80f550c98b46200f1c612c07eae 84604 libkadm5srv-mit8_1.10.1+dfsg-5+deb7u1_amd64.deb
 f82cc20be848115d08a6d1713fa514a058b55a4a 67742 libkadm5clnt-mit8_1.10.1+dfsg-5+deb7u1_amd64.deb
 c90d4d0cdc78c3f8913e930ec42e488c0caec1c3 112416 libk5crypto3_1.10.1+dfsg-5+deb7u1_amd64.deb
 0da641986a0cf74de410ccd835bbeda2b9830ced 66854 libkdb5-6_1.10.1+dfsg-5+deb7u1_amd64.deb
 c68fffb29a235938c377599c9aef5c77e27a4229 49120 libkrb5support0_1.10.1+dfsg-5+deb7u1_amd64.deb
 e9e481b614d71eb2ec6937b110f2198dce562d6b 51342 krb5-gss-samples_1.10.1+dfsg-5+deb7u1_amd64.deb
Checksums-Sha256: 
 5c1759e92aed4134816ba9e811ebc6555b968ca50fa4c55df54bb4f69c15e6a9 3649 krb5_1.10.1+dfsg-5+deb7u1.dsc
 f0b63fb8ffd0ae0bf3276da37fc55857079c75dccf78b31d628a0aeccfa8b183 10638231 krb5_1.10.1+dfsg.orig.tar.gz
 a8318cda7538299bfe5244f870633fbcf2bf763ce26fc11a4c433f5254e38bfc 132477 krb5_1.10.1+dfsg-5+deb7u1.debian.tar.gz
 9ce2479952f6a3f9e448b52ef902156f7350be2391e35c56b809de0c57f867f9 2665144 krb5-doc_1.10.1+dfsg-5+deb7u1_all.deb
 8fc5e6d6ea62e6178f5647184edcaef5e92882f9cc219e26f19b972c226f09a6 1503134 krb5-locales_1.10.1+dfsg-5+deb7u1_all.deb
 cd1a349e37808e0fef0b609eaf28ee39f9fe86fcbeb22ebd99f0b8ae2c194ce8 153580 krb5-user_1.10.1+dfsg-5+deb7u1_amd64.deb
 e9c7fecbd0472476ed57556072908952425d17bb2be1e7749fad99a6cc29ca1f 226048 krb5-kdc_1.10.1+dfsg-5+deb7u1_amd64.deb
 0430d1eb447fffd5f94f2656aceea8e06b9f2a73d9c1ea03f03adc413a0bbc48 121210 krb5-kdc-ldap_1.10.1+dfsg-5+deb7u1_amd64.deb
 bae237fff0ad58ba4bf1e82723fb4570cac11ec713bd7e16baefa6b2c58a0401 122982 krb5-admin-server_1.10.1+dfsg-5+deb7u1_amd64.deb
 89028ef54624c30fa5b47f732f54bd5e91e100082c514584ed6ec3e03de86254 153564 krb5-multidev_1.10.1+dfsg-5+deb7u1_amd64.deb
 216607e07198c3b7001a3a5ccb6bcf4bdd14ee0738a18133ba83e2118253a2a1 39152 libkrb5-dev_1.10.1+dfsg-5+deb7u1_amd64.deb
 64def88e4d06939310c45ef8dd556e90eaf7241706d96d71908254f05f90f20a 2203656 libkrb5-dbg_1.10.1+dfsg-5+deb7u1_amd64.deb
 46b0a4ae633900b6fd5d79065046071558b973b483e079f25274a366a622ad1c 82142 krb5-pkinit_1.10.1+dfsg-5+deb7u1_amd64.deb
 7d3b2bc68b9fa62f3dafa7391870c48c5cc125fe21ea7a8b6892bebcbea7287c 393950 libkrb5-3_1.10.1+dfsg-5+deb7u1_amd64.deb
 8dd97e9c2f65ab5fafaca046af3185a44df732bd63b1ed2c51992e4bb17cdd39 147566 libgssapi-krb5-2_1.10.1+dfsg-5+deb7u1_amd64.deb
 e50c29f674cd10f1998625393c7c4e6cbca656d83267b8219266e9f182b9914a 87518 libgssrpc4_1.10.1+dfsg-5+deb7u1_amd64.deb
 eb3de35ca2b240cd475e54ff95c696a4cb9567a9f08080bfc491120e32eda841 84604 libkadm5srv-mit8_1.10.1+dfsg-5+deb7u1_amd64.deb
 a2aa924d14fbdb5e65ac78b498ccc453fd51897d33adc721b5731ab1c4744ef9 67742 libkadm5clnt-mit8_1.10.1+dfsg-5+deb7u1_amd64.deb
 719757866b767b0917370300ab94aeb6539bc7923b7ca29ae2021bfb21a165de 112416 libk5crypto3_1.10.1+dfsg-5+deb7u1_amd64.deb
 d521ef545ade4c74c048daaf42cdb41615647a5f02ef465503233858770d4dd8 66854 libkdb5-6_1.10.1+dfsg-5+deb7u1_amd64.deb
 d4cdd09e672abc4be25a77d6b10f887d8087c3b12fe08ea57a9080e255b5fb39 49120 libkrb5support0_1.10.1+dfsg-5+deb7u1_amd64.deb
 81d3e2d22d1fc5a261149205ccba156e7bb5a1d9022d446bc7dab74101e9fe16 51342 krb5-gss-samples_1.10.1+dfsg-5+deb7u1_amd64.deb
Files: 
 95331e1573c997c0ef2684c4ab29fa79 3649 net standard krb5_1.10.1+dfsg-5+deb7u1.dsc
 3da41835dd4df7d4f3583f82cdbf1a84 10638231 net standard krb5_1.10.1+dfsg.orig.tar.gz
 2ada0fe230b3f701917ec6924b7a4914 132477 net standard krb5_1.10.1+dfsg-5+deb7u1.debian.tar.gz
 21757d2b6f667b1aeadfe97784dbd91f 2665144 doc optional krb5-doc_1.10.1+dfsg-5+deb7u1_all.deb
 5fc1b64357e7aa579b89e1b9fecec3d1 1503134 localization standard krb5-locales_1.10.1+dfsg-5+deb7u1_all.deb
 9780e6da9f112ce5298685f1e5dae43d 153580 net optional krb5-user_1.10.1+dfsg-5+deb7u1_amd64.deb
 73951f166e166822f65d5b25ebe1cfce 226048 net optional krb5-kdc_1.10.1+dfsg-5+deb7u1_amd64.deb
 2ef7aae2c339a6fa3bd9c21b3eaef75b 121210 net extra krb5-kdc-ldap_1.10.1+dfsg-5+deb7u1_amd64.deb
 963878dae1debc916a64e2831a43efb9 122982 net optional krb5-admin-server_1.10.1+dfsg-5+deb7u1_amd64.deb
 f0e74533dcfcb28714f7c00a88bb2922 153564 libdevel optional krb5-multidev_1.10.1+dfsg-5+deb7u1_amd64.deb
 bcd86e610601a73228d63da868d24466 39152 libdevel extra libkrb5-dev_1.10.1+dfsg-5+deb7u1_amd64.deb
 dbcd14c8b109e44570c3fb6a26134fab 2203656 debug extra libkrb5-dbg_1.10.1+dfsg-5+deb7u1_amd64.deb
 f42faf40d0f4649e69aa4d3cc07b1ff1 82142 net extra krb5-pkinit_1.10.1+dfsg-5+deb7u1_amd64.deb
 d06d15fdaf2d9735e4cfeee1f008db70 393950 libs standard libkrb5-3_1.10.1+dfsg-5+deb7u1_amd64.deb
 eaa5eea59ed0af566f3a393b489f8837 147566 libs standard libgssapi-krb5-2_1.10.1+dfsg-5+deb7u1_amd64.deb
 300c374c4cc56e63bc0bd5e4c92bedaf 87518 libs standard libgssrpc4_1.10.1+dfsg-5+deb7u1_amd64.deb
 32364b39a9bea76d0acf926f8850f097 84604 libs standard libkadm5srv-mit8_1.10.1+dfsg-5+deb7u1_amd64.deb
 be6719617bb94dc7be61b72e7b1f70d9 67742 libs standard libkadm5clnt-mit8_1.10.1+dfsg-5+deb7u1_amd64.deb
 92da734f5c94322f30072889e192be64 112416 libs standard libk5crypto3_1.10.1+dfsg-5+deb7u1_amd64.deb
 841f6e25c2fd37f4cae3fc91655c582b 66854 libs standard libkdb5-6_1.10.1+dfsg-5+deb7u1_amd64.deb
 bbdb46d7ed6672806643ca9e4f27a2e9 49120 libs standard libkrb5support0_1.10.1+dfsg-5+deb7u1_amd64.deb
 6c96ce7f34f1461c8b99c7741dd79805 51342 net extra krb5-gss-samples_1.10.1+dfsg-5+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQQcBAEBCAAGBQJRqQCaAAoJELjWss0C1vRzpWAgAKiAiQ7/ChwFfOXmdBVmdbaC
DkfuM8mA03Z0J4RmV2LWLeBY1w3BOpz5K+ACcjkSxTOhTcr0oxxCwAf6v8UPjar3
SvOZTfTXz7KmbgQdgDxkapgBiw+iyTMC5+yMa7aOS19Bb44y/DJ76nRIM4Y+V/2x
N0xttxCi3vQCAhoBnRjYKfLanXDWYy+J70pNYr5liTG04JyU+QU5yi+K8DWwgKHT
Xt0DTJOWFjvU37RvfDBcfz7mYraQlZDwejbPB9EJAiVdVTVI/JNzDBgBBvH0hwvT
sCTUWTYdk1AMKJqy39Z9Jtxr4FSwfK3tqlX5eSDETGrV06sugtikZxbMYtUUk2Nt
LWIDtLQ7S89A8bjMn2AlH45iqBHNSn+gBSucPOgjWAKstY7mq3kRX4kA1tKsIJV3
pqESpbogaJn48JEqUPr82RGAlgFWy7IVSNWSLruj9DdzGGeX9Cgb/iDUCsmTlMdP
vjV+1lAfm18jEum5/WtV+ppPjMf60v4Mbb/pcxl+EiB/WhL+6VRbl1ocRo5N5xD9
ijdttpCtdISniS8oM4ZN+H9GymOABm9Q3nHot839BUALTvbAsV+bW03lOx8w9oCK
+Ii7V5JEqRu6HKVqqSmERcgw1ztGLEcBV3GWpEQYczoFnRktUroYrQ+H4aEqkbqd
LVsOsG0koFM6157h/d+fS7mXReVzqx1y0XTKMsPsclBB+zBjgBTN2g6dnu/rQkHH
RqMjt3MR00U5Xls99pVfHqRVH2219hW8iewwEWKD1oM2dvmNgbmPv67uxJ6rbreZ
i5gmH7R6qv3anlTpsK8kY3O/wRpZopwjhcPriVvk0Or8kVkviMbEZtJTnTb58FHh
8fws98eXM4MMz1VreRBUjg4S/oZ7nTs5r3Bifwr8Y42x06Fht38SZ07qeXYdCQes
NWOruR4JGwwEuSJzd1YjvkSGoGWbkFeHg+6iaMsOAltGrUE2JMuHhzQ7TBxiGVit
Kr749HwRCsnNRYiuCrH+DWjj3RRgxqKHlJdP9qeB7t4/xtAcLBX6122RP5EQabBN
O3XOJHXOnn6+fVRVVjSmVyH/412xiibdmFATwnPIkH0jJsy4BAUsb7CpoZEW7B8c
G7R/juxT4P6SLV6REuiK3DqAnCj1xTY7EOPthY7/k+B5E97BVh62Vt9Y7sJL/+4u
6bPRjnU1KoCQYK/6LkpFJaLsRf0oHjQdBNcv3CSWEa2maZkREsFgYP9ac68Jd6g8
adGSmt2rOjpio42MwS0DX05GSo4tUq7pxuH8yWaLRqRlO7OAH1MQhui62i9e6LSs
kcmZOC+SSeWuAxIeddpVg0vTdVzDsmmnhNKC/gU5HKuTpDd4drhCKdkZZJqJ4Bg=
=2iPq
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 13 Oct 2013 07:33:55 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 04:40:56 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.