-----BEGIN PGP SIGNED MESSAGE-----

                 MIT krb5 Security Advisory 2004-003

Original release: 2004-08-31
Topic: ASN.1 decoder denial of service
Severity: serious

SUMMARY
=======

The ASN.1 decoder library in the MIT Kerberos 5 distribution is
vulnerable to a denial-of-service attack causing an infinite loop in
the decoder.  The KDC is vulnerable to this attack.

IMPACT
======

* An unauthenticated remote attacker can cause a KDC or application
  server to hang inside an infinite loop.  [CAN-2004-0644]

* An attacker impersonating a legitimate KDC or application server may
  cause a client program to hang inside an infinite loop.
  [CAN-2004-0644]

AFFECTED SOFTWARE
=================

* KDC software and applications from MIT Kerberos 5 releases
  krb5-1.2.2 through krb5-1.3.4.

* Applications using the MIT krb5 libraries from the above releases.

FIXES
=====

* The upcoming krb5-1.3.5 release will contain fixes for these
  problems.

* Apply the appropriate patch referenced below, and rebuild the
  software.  Patches available:

  * Patch against krb5-1.3.4 (should apply to earlier krb5-1.3.x
    releases)

  * Patch against krb5-1.2.8 (should apply to releases krb5-1.2.2
    through krb5-1.2.7 as well)

PATCH AGAINST krb5-1.3.4
========================

* This patch was generated against krb5-1.3.4; it may apply, with some
  offset, to earlier krb5-1.3.x releases.
This patch may also be found at:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.3.4.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.3.4.txt.asc

Index: src/lib/krb5/asn.1/asn1buf.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/lib/krb5/asn.1/asn1buf.c,v
retrieving revision 5.24
*** src/lib/krb5/asn.1/asn1buf.c 12 Mar 2003 04:33:30 -0000 5.24
- --- src/lib/krb5/asn.1/asn1buf.c 23 Aug 2004 03:43:47 -0000
*************** *** 122,127 **** - --- 122,129 ---- return ASN1_OVERRUN; } while (nestlevel > 0) { + if (buf->bound - buf->next + 1 <= 0) + return ASN1_OVERRUN; retval = asn1_get_tag_2(buf, &t); if (retval) return retval; if (!t.indef) {

PATCH AGAINST krb5-1.2.8
========================

* This patch was generated against krb5-1.2.8; it may apply, with some
  offset, to releases krb5-1.2.2 through krb5-1.2.7.  You are strongly
  encouraged to update to a release from the krb5-1.3.x series.
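Review bot: the added `if (buf->bound - buf->next + 1 <= 0) return ASN1_OVERRUN;` at the top of the `while (nestlevel > 0)` loop in the krb5-1.3.4 hunk needs a one-line comment saying why an exhausted sub-buffer with nestlevel still positive is an error (the end-of-contents octets of the indefinite-length encoding never arrived); without it a later reader sees an ordinary bounds check rather than the fix for a hang, so something like `/* EOC octets missing: corrupt indefinite-length encoding */` would help. The guard runs before asn1_get_tag_2(), so the skip of a definite-length sub-encoding in the `if (!t.indef)` branch that follows is not visible in this hunk; the `<= 0` form (rather than `== 0`) means an overshoot from that path is still caught on the next iteration, but the skip itself should be confirmed to bound the skipped length against `buf->bound`. A regression test that feeds a truncated indefinite-length SEQUENCE (trailing sub-encodings with the outer EOC removed) through the decoder would pin the fix down.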
This patch may also be found at:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.2.8.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.2.8.txt.asc

Index: src/lib/krb5/asn.1/asn1buf.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/lib/krb5/asn.1/asn1buf.c,v
retrieving revision 5.19.2.1
diff -c -r5.19.2.1 asn1buf.c
*** src/lib/krb5/asn.1/asn1buf.c 31 Jan 2001 18:00:12 -0000 5.19.2.1
- --- src/lib/krb5/asn.1/asn1buf.c 23 Aug 2004 03:54:50 -0000
*************** *** 140,145 **** - --- 140,147 ---- return ASN1_OVERRUN; } while (nestlevel > 0) { + if (buf->bound - buf->next + 1 <= 0) + return ASN1_OVERRUN; retval = asn1_get_tag_indef(buf, &class, &construction, &tagnum, &taglen, &tagindef); if (retval) return retval;

REFERENCES
==========

This announcement and related security advisories may be found on the
MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/index.html

CERT VU#550464
http://www.kb.cert.org/vuls/id/550464

CVE CAN-2004-0644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0644

  ASN.1 decoder bug in MIT Kerberos 5 releases krb5-1.2.2 through
  krb5-1.3.4 allows unauthenticated remote attackers to induce
  infinite loop, causing denial of service, including in KDC code

ACKNOWLEDGMENTS
===============

Thanks to Will Fiveash and Nico Williams at Sun for finding this
vulnerability.

DETAILS
=======

The ASN.1 decoder in the MIT krb5 library handles indefinite-length
BER encodings for the purpose of backwards compatibility with some
non-conformant implementations.  The ASN.1 decoders call
asn1buf_sync() to skip any trailing unrecognized fields in the
encoding of a SEQUENCE type.  asn1buf_sync() calls asn1buf_skiptail()
if the ASN.1 SEQUENCE type being decoded was encoded with an
indefinite length.
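Review bot: the krb5-1.2.8 hunk repeats the remaining-octet arithmetic `buf->bound - buf->next + 1` literally rather than through a shared helper, so this branch and the krb5-1.3.4 patch can drift if the meaning of `bound` ever changes; a small inline helper, or at least a comment stating that `bound` is the last valid octet (inclusive), which is why the `+ 1` is there, would make the intent explicit. The placement is right: the check precedes the call so that `asn1_get_tag_indef()` is never asked for a tag from an exhausted sub-encoding, which is the case in which the prefetching code otherwise hands back a placeholder and leaves nestlevel unchanged.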
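The following is an added illustration of the asn1buf_skiptail() failure mode this section describes; it is not MIT krb5 code. It models the library's asn1buf, asn1_get_tag_2() and asn1buf_skiptail() with simplified stand-ins (asn1buf, get_tag(), skiptail()), assumes a sentinel value PLACEHOLDER_TAG for the placeholder tag the prefetching code returns when a sub-encoding is exhausted, caps the unguarded loop at max_iters so the demonstration terminates, and runs on constructed sample bytes: a trailing OCTET STRING and a nested indefinite-length SEQUENCE, once with and once without the outer end-of-contents octets. The guarded flag applies the `bound - next + 1 <= 0` check from the patches.

```c
/* Added model of the asn1buf_skiptail() end-of-subbuffer bug; not MIT krb5 code.
 * asn1buf, get_tag() and skiptail() are simplified stand-ins for the library's
 * asn1buf, asn1_get_tag_2() and asn1buf_skiptail(). */
#include <stddef.h>
#include <stdio.h>

typedef struct {
    const unsigned char *next;   /* next octet to consume */
    const unsigned char *bound;  /* last valid octet of the sub-encoding (inclusive) */
} asn1buf;

enum { ASN1_OK = 0, ASN1_OVERRUN = 1, ASN1_BAD_ID = 2, ASN1_LOOP = 99 /* demo only */ };

/* Assumed stand-in for the sentinel the prefetching code hands back when no
 * octets remain; chosen so it can never equal a real single-octet tag. */
#define PLACEHOLDER_TAG 0xffffffffu

static long remaining(const asn1buf *b)
{
    return (long)(b->bound - b->next) + 1;   /* same arithmetic as the patch */
}

/* Read one tag and length: end-of-contents (00 00), the indefinite-length
 * marker (0x80) and definite lengths of up to four octets are understood. */
static int get_tag(asn1buf *b, unsigned *tag, unsigned long *len, int *indef, int *eoc)
{
    *tag = 0; *len = 0; *indef = 0; *eoc = 0;
    if (remaining(b) <= 0) {                 /* exhausted: placeholder, nothing consumed */
        *tag = PLACEHOLDER_TAG;
        return ASN1_OK;
    }
    if (remaining(b) < 2) return ASN1_OVERRUN;
    unsigned t = *b->next++;
    unsigned l = *b->next++;
    if ((t & 0x1f) == 0x1f) return ASN1_BAD_ID;   /* multi-octet tag numbers not modelled */
    *tag = t;
    if (t == 0x00 && l == 0x00) { *eoc = 1; return ASN1_OK; }
    if (l == 0x80)              { *indef = 1; return ASN1_OK; }
    if (l & 0x80) {                          /* long form: (l & 0x7f) length octets follow */
        unsigned n = l & 0x7f;
        if (n == 0 || n > 4) return ASN1_BAD_ID;
        if (remaining(b) < (long)n) return ASN1_OVERRUN;
        unsigned long v = 0;
        while (n--) v = (v << 8) | *b->next++;
        *len = v;
    } else {
        *len = l;
    }
    return ASN1_OK;
}

/* Skip trailing sub-encodings of an indefinite-length SEQUENCE until its
 * end-of-contents octets.  guarded != 0 applies the advisory's check at the
 * top of each iteration.  max_iters is a demo-only cap so the unguarded
 * variant returns ASN1_LOOP where the real decoder would spin forever. */
static int skiptail(asn1buf *b, int guarded, unsigned long max_iters, unsigned long *iters)
{
    int nestlevel = 1;
    *iters = 0;
    while (nestlevel > 0) {
        if (guarded && remaining(b) <= 0)
            return ASN1_OVERRUN;             /* EOC octets missing: corrupt encoding */
        if (*iters >= max_iters)
            return ASN1_LOOP;
        (*iters)++;
        unsigned tag; unsigned long len; int indef, eoc;
        int rv = get_tag(b, &tag, &len, &indef, &eoc);
        if (rv) return rv;
        if (eoc)   { nestlevel--; continue; } /* 00 00 closes one indefinite level */
        if (indef) { nestlevel++; continue; } /* nested indefinite-length value */
        if (len > (unsigned long)remaining(b)) return ASN1_OVERRUN;
        b->next += len;                      /* definite length: skip the contents */
        /* The placeholder (len 0, neither EOC nor indefinite) reaches this point
         * without advancing next or changing nestlevel, so the loop never ends. */
    }
    return ASN1_OK;
}

unsigned long last_iters;                    /* tags read by the most recent demo call */

static int run(const unsigned char *buf, size_t n, int guarded)
{
    asn1buf b = { buf, buf + n - 1 };
    return skiptail(&b, guarded, 64, &last_iters);
}

/* Constructed sample: what skiptail() sees after the recognised fields of an
 * indefinite-length SEQUENCE: OCTET STRING "A", a nested indefinite-length
 * SEQUENCE { INTEGER 5 } with its EOC, then the outer EOC. */
static const unsigned char valid_tail[] = {
    0x04, 0x01, 0x41,  0x30, 0x80,  0x02, 0x01, 0x05,  0x00, 0x00,  0x00, 0x00 };
/* The same bytes with the outer EOC cut off. */
static const unsigned char truncated_tail[] = {
    0x04, 0x01, 0x41,  0x30, 0x80,  0x02, 0x01, 0x05,  0x00, 0x00 };

int demo_valid(void)               { return run(valid_tail, sizeof valid_tail, 1); }
int demo_truncated_guarded(void)   { return run(truncated_tail, sizeof truncated_tail, 1); }
int demo_truncated_unguarded(void) { return run(truncated_tail, sizeof truncated_tail, 0); }

int main(void)
{
    int rv = demo_valid();
    printf("valid tail, guarded:       rv=%d after %lu tags\n", rv, last_iters);
    rv = demo_truncated_guarded();
    printf("truncated tail, guarded:   rv=%d after %lu tags\n", rv, last_iters);
    rv = demo_truncated_unguarded();
    printf("truncated tail, unguarded: rv=%d after %lu tags (capped)\n", rv, last_iters);
    return 0;
}
```

With the guard in place the truncated input fails cleanly with ASN1_OVERRUN after the four real tags have been read; without it the placeholder is handed back on every pass and only the demo cap stops the loop, which is the hang a KDC or client would sit in on the unpatched releases.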
asn1buf_sync() is provided with a prefetched BER tag; a placeholder tag
is provided by the prefetching code in the case where there are no
more octets in a sub-encoding.  The loop in asn1buf_skiptail() which
attempts to skip trailing sub-encodings of an indefinite-length
SEQUENCE type does not properly check for end-of-subbuffer conditions
or for the placeholder tag, leading to an infinite loop: the
placeholder tag consumes no octets and does not close a nesting level,
so each pass through the loop leaves its state unchanged.  Valid BER
encodings cannot cause this condition; however, it is trivial to
construct a corrupt encoding which will trigger the infinite loop.

REVISION HISTORY
================

2004-08-31  original release

Copyright (C) 2004 Massachusetts Institute of Technology
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (SunOS)

iQCVAwUBQTTAIKbDgE/zdoE9AQHyngP+OiwJxYxeHuhNjyXMyCr79mqJcsPP17DB
tsDgQ9jZiD0m+I7rgu+PmPJQfl8qgfEZsEsW5QXppJoC0gIICSqdWbYypXjVzEfh
N7g8ydTIOkKk5WP+ahisWyHiIWg/iX66dDLupzxufgb+1p/2CwoXgTszCBlQP67o
3LMSqXJGDfw=
=RAVs
-----END PGP SIGNATURE-----