krb5.git/src/lib/gssapi/spnego, branch kinit-c MIT Kerberos patches Allow SPNEGO fallback to NTLM without mechlistMIC 2014-08-09T17:25:09+00:00 Greg Hudson ghudson@mit.edu 2014-08-08T17:32:51+00:00 7208dace8bfbdf5b930e26a19c8ff31c13ea1ef3 For interoperability with Windows Server 2003 and earlier, loosen the initiator's enforcement of RFC 4178's mechlistMIC requirement when falling back to NTLMSSP. [ghudson@mit.edu: rewrote commit message, added comment to NTLMSSP OID] ticket: 7975 target_version: 1.13 tags: pullup 
For interoperability with Windows Server 2003 and earlier, loosen the
initiator's enforcement of RFC 4178's mechlistMIC requirement when
falling back to NTLMSSP.

[ghudson@mit.edu: rewrote commit message, added comment to NTLMSSP
OID]

ticket: 7975
target_version: 1.13
tags: pullup
Fix null deref in SPNEGO acceptor [CVE-2014-4344] 2014-07-21T16:53:18+00:00 Greg Hudson ghudson@mit.edu 2014-07-15T16:56:01+00:00 524688ce87a15fc75f87efc8c039ba4c7d5c197b When processing a continuation token, acc_ctx_cont was dereferencing the initial byte of the token without checking the length. This could result in a null dereference. CVE-2014-4344: In MIT krb5 1.5 and newer, an unauthenticated or partially authenticated remote attacker can cause a NULL dereference and application crash during a SPNEGO negotiation by sending an empty token as the second or later context token from initiator to acceptor. The attacker must provide at least one valid context token in the security context negotiation before sending the empty token. This can be done by an unauthenticated attacker by forcing SPNEGO to renegotiate the underlying mechanism, or by using IAKERB to wrap an unauthenticated AS-REQ as the first token. CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C [kaduk@mit.edu: CVE summary, CVSSv2 vector] ticket: 7970 (new) subject: NULL dereference in SPNEGO acceptor for continuation tokens [CVE-2014-4344] target_version: 1.12.2 tags: pullup 
When processing a continuation token, acc_ctx_cont was dereferencing
the initial byte of the token without checking the length.  This could
result in a null dereference.

CVE-2014-4344:

In MIT krb5 1.5 and newer, an unauthenticated or partially
authenticated remote attacker can cause a NULL dereference and
application crash during a SPNEGO negotiation by sending an empty
token as the second or later context token from initiator to acceptor.
The attacker must provide at least one valid context token in the
security context negotiation before sending the empty token.  This can
be done by an unauthenticated attacker by forcing SPNEGO to
renegotiate the underlying mechanism, or by using IAKERB to wrap an
unauthenticated AS-REQ as the first token.

    CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C

[kaduk@mit.edu: CVE summary, CVSSv2 vector]

ticket: 7970 (new)
subject: NULL dereference in SPNEGO acceptor for continuation tokens [CVE-2014-4344]
target_version: 1.12.2
tags: pullup
Fix double-free in SPNEGO [CVE-2014-4343] 2014-07-21T16:53:17+00:00 David Woodhouse David.Woodhouse@intel.com 2014-07-15T16:54:15+00:00 f18ddf5d82de0ab7591a36e465bc24225776940f In commit cd7d6b08 ("Verify acceptor's mech in SPNEGO initiator") the pointer sc->internal_mech became an alias into sc->mech_set->elements, which should be considered constant for the duration of the SPNEGO context. So don't free it. CVE-2014-4343: In MIT krb5 releases 1.10 and newer, an unauthenticated remote attacker with the ability to spoof packets appearing to be from a GSSAPI acceptor can cause a double-free condition in GSSAPI initiators (clients) which are using the SPNEGO mechanism, by returning a different underlying mechanism than was proposed by the initiator. At this stage of the negotiation, the acceptor is unauthenticated, and the acceptor's response could be spoofed by an attacker with the ability to inject traffic to the initiator. Historically, some double-free vulnerabilities can be translated into remote code execution, though the necessary exploits must be tailored to the individual application and are usually quite complicated. Double-frees can also be exploited to cause an application crash, for a denial of service. However, most GSSAPI client applications are not vulnerable, as the SPNEGO mechanism is not used by default (when GSS_C_NO_OID is passed as the mech_type argument to gss_init_sec_context()). The most common use of SPNEGO is for HTTP-Negotiate, used in web browsers and other web clients. Most such clients are believed to not offer HTTP-Negotiate by default, instead requiring a whitelist of sites for which it may be used to be configured. If the whitelist is configured to only allow HTTP-Negotiate over TLS connections ("https://"), a successful attacker must also spoof the web server's SSL certificate, due to the way the WWW-Authenticate header is sent in a 401 (Unauthorized) response message. Unfortunately, many instructions for enabling HTTP-Negotiate in common web browsers do not include a TLS requirement. CVSSv2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C [kaduk@mit.edu: CVE summary and CVSSv2 vector] ticket: 7969 (new) target_version: 1.12.2 tags: pullup 
In commit cd7d6b08 ("Verify acceptor's mech in SPNEGO initiator") the
pointer sc->internal_mech became an alias into sc->mech_set->elements,
which should be considered constant for the duration of the SPNEGO
context.  So don't free it.

CVE-2014-4343:

In MIT krb5 releases 1.10 and newer, an unauthenticated remote
attacker with the ability to spoof packets appearing to be from a
GSSAPI acceptor can cause a double-free condition in GSSAPI initiators
(clients) which are using the SPNEGO mechanism, by returning a
different underlying mechanism than was proposed by the initiator.  At
this stage of the negotiation, the acceptor is unauthenticated, and
the acceptor's response could be spoofed by an attacker with the
ability to inject traffic to the initiator.

Historically, some double-free vulnerabilities can be translated into
remote code execution, though the necessary exploits must be tailored
to the individual application and are usually quite
complicated. Double-frees can also be exploited to cause an
application crash, for a denial of service.  However, most GSSAPI
client applications are not vulnerable, as the SPNEGO mechanism is not
used by default (when GSS_C_NO_OID is passed as the mech_type argument
to gss_init_sec_context()).  The most common use of SPNEGO is for
HTTP-Negotiate, used in web browsers and other web clients.  Most such
clients are believed to not offer HTTP-Negotiate by default, instead
requiring a whitelist of sites for which it may be used to be
configured.  If the whitelist is configured to only allow
HTTP-Negotiate over TLS connections ("https://"), a successful
attacker must also spoof the web server's SSL certificate, due to the
way the WWW-Authenticate header is sent in a 401 (Unauthorized)
response message.  Unfortunately, many instructions for enabling
HTTP-Negotiate in common web browsers do not include a TLS
requirement.

    CVSSv2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C

[kaduk@mit.edu: CVE summary and CVSSv2 vector]

ticket: 7969 (new)
target_version: 1.12.2
tags: pullup
Include autoconf.h before system headers 2014-07-08T23:19:24+00:00 Greg Hudson ghudson@mit.edu 2014-07-05T15:50:58+00:00 02a1123cf44381690c28f18ab2c4ba8036200539 Include autoconf.h (either directly or via proxy) before system headers, so that feature test macros defined there can affect the system namespace. Where include order was changed, eliminate some redundant or unnecessary includes. ticket: 7961 
Include autoconf.h (either directly or via proxy) before system
headers, so that feature test macros defined there can affect the
system namespace.  Where include order was changed, eliminate some
redundant or unnecessary includes.

ticket: 7961
Allow GSS mechs to force mechlistMIC in SPNEGO 2014-05-08T19:19:10+00:00 Simo Sorce simo@redhat.com 2014-05-05T21:59:08+00:00 bff6bbf52401f9464df365d76f0987fbf8101c5e During a SPNEGO negotiation, if the NTLMSSP mechanism is used and a MIC is produced within the final initiator mechanism token, Microsoft servers require a mechlistMIC even if NTLMSSP was the most preferred mechanism. In spnego_mech.c, add a helper function mech_requires_mechlistMIC which queries the mechanism to determine whether we might need to produce a mechlistMIC for interoperability. Call it after each call to the mechanism's gss_init_sec_context and set sc->mic_reqd if it returns true. Although only the second call to NTLMSSP will actually ever return true, the first call makes the mechanism aware that the SPNEGO implementation supports this feature. [ghudson@mit.edu: clarified commit message and code] ticket: 7907 (new) 
During a SPNEGO negotiation, if the NTLMSSP mechanism is used and a
MIC is produced within the final initiator mechanism token, Microsoft
servers require a mechlistMIC even if NTLMSSP was the most preferred
mechanism.

In spnego_mech.c, add a helper function mech_requires_mechlistMIC
which queries the mechanism to determine whether we might need to
produce a mechlistMIC for interoperability.  Call it after each call
to the mechanism's gss_init_sec_context and set sc->mic_reqd if it
returns true.  Although only the second call to NTLMSSP will actually
ever return true, the first call makes the mechanism aware that the
SPNEGO implementation supports this feature.

[ghudson@mit.edu: clarified commit message and code]

ticket: 7907 (new)
Properly reflect MS krb5 mech in SPNEGO acceptor 2014-02-05T05:40:20+00:00 Greg Hudson ghudson@mit.edu 2014-02-04T02:11:34+00:00 8255613476d4c1583a5e810b50444f188fde871f r25590 changed negotiate_mech() to return an alias into the acceptor's mech set, with the unfortunate side effect of transforming the erroneous Microsoft krb5 mech OID into the correct krb5 mech OID, meaning that we answer with a different OID than the requested one. Return an alias into the initiator's mech set instead, and store that in mech_set field the SPNEGO context. The acceptor code only uses mech_set to hold the allocated storage pointed into by internal_mech, so this change is safe. ticket: 7858 target_version: 1.12.2 tags: pullup 
r25590 changed negotiate_mech() to return an alias into the acceptor's
mech set, with the unfortunate side effect of transforming the
erroneous Microsoft krb5 mech OID into the correct krb5 mech OID,
meaning that we answer with a different OID than the requested one.
Return an alias into the initiator's mech set instead, and store that
in mech_set field the SPNEGO context.  The acceptor code only uses
mech_set to hold the allocated storage pointed into by internal_mech,
so this change is safe.

ticket: 7858
target_version: 1.12.2
tags: pullup
Let SPNEGO display mechanism errors 2013-12-18T20:58:55+00:00 Simo Sorce simo@redhat.com 2013-12-17T21:15:14+00:00 d160bc733a3dbeb6d84f4e175234ff18738d9f66 To avoid potential recursion we use a thread local variable that tells us whether the ancestor was called via spnego_gss_display_name(). If we detect recursion, we assume that we returned a com_err code like ENOMEM and call error_message(); in the worst case that will result in an "Unknown error" message. [ghudson@mit.edu: Edited comments and commit message; removed an unneeded line of code.] ticket: 7045 target_version: 1.12.1 tags: pullup 
To avoid potential recursion we use a thread local variable that tells
us whether the ancestor was called via spnego_gss_display_name().  If
we detect recursion, we assume that we returned a com_err code like
ENOMEM and call error_message(); in the worst case that will result in
an "Unknown error" message.

[ghudson@mit.edu: Edited comments and commit message; removed an
unneeded line of code.]

ticket: 7045
target_version: 1.12.1
tags: pullup
Fix memory leak in SPNEGO initiator 2013-12-16T16:39:41+00:00 Simo Sorce simo@redhat.com 2013-12-13T17:00:41+00:00 1cda48a7ed4069cfc052f974ec3d76a9137c8c5a If we eliminate a mechanism from the initiator list because gss_init_sec_context fails, free the memory for that mech OID before removing it from the list. [ghudson@mit.edu: clarified commit message] ticket: 7803 (new) target_version: 1.12.1 tags: pullup 
If we eliminate a mechanism from the initiator list because
gss_init_sec_context fails, free the memory for that mech OID before
removing it from the list.

[ghudson@mit.edu: clarified commit message]

ticket: 7803 (new)
target_version: 1.12.1
tags: pullup
Remove unneeded check in SPNEGO initiator 2013-12-16T16:35:52+00:00 Greg Hudson ghudson@mit.edu 2013-12-16T16:35:42+00:00 1249c75810e3d5c33ba723c65a904ee914ca8048 In init_ctx_cont, if the response token contains no fields, we set a return value but don't actually quit out of the function. We do not need this check (we will fail later on if a piece of required information isn't present), so just remove it. Reported by simo@redhat.com. 
In init_ctx_cont, if the response token contains no fields, we set a
return value but don't actually quit out of the function.  We do not
need this check (we will fail later on if a piece of required
information isn't present), so just remove it.  Reported by
simo@redhat.com.
Fix SPNEGO one-hop interop against old IIS 2013-12-12T15:51:34+00:00 Greg Hudson ghudson@mit.edu 2013-12-10T17:04:18+00:00 37af638b742dbd642eb70092e4f7781c3f69d86d IIS 6.0 and similar return a zero length reponse buffer in the last SPNEGO packet when context initiation is performed without mutual authentication. In this case the underlying Kerberos mechanism has already completed successfully on the first invocation, and SPNEGO does not expect a mech response token in the answer. If we get an empty mech response token when the mech is complete during negotiation, ignore it. [ghudson@mit.edu: small code style and commit message changes] ticket: 7797 (new) target_version: 1.12.1 tags: pullup 
IIS 6.0 and similar return a zero length reponse buffer in the last
SPNEGO packet when context initiation is performed without mutual
authentication.  In this case the underlying Kerberos mechanism has
already completed successfully on the first invocation, and SPNEGO
does not expect a mech response token in the answer.  If we get an
empty mech response token when the mech is complete during
negotiation, ignore it.

[ghudson@mit.edu: small code style and commit message changes]

ticket: 7797 (new)
target_version: 1.12.1
tags: pullup