From nobody Wed Feb 21 13:43:13 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TfyCQ0Ghdz5CCp2; Wed, 21 Feb 2024 13:43:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TfyCP6lbPz4cbq; Wed, 21 Feb 2024 13:43:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1708522994; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=MyiLWUa46bVGY2bVO2tSDoDnwkjbv1rHA6txLrmVmnY=; b=Cg8zaImvEspIUjL3VI+y+u0/hToNjsStwBFn8KePbXKoSN6mgXcez+urjIUBf+jJp+dMLg Uw0nnJqH3G7vcdtNiRcXUUbLfZrMHDtj1wQtB9QR6uUGwTHxIfBQcRWZieEW79y6upM2fK /ac43hpjnXVKmoS+IQoDoy9Y3Oie0CnspSaA6MV50kZJvh64z3d02x47LdwHd4fI3bFs14 BVcv6XUkT9sPRPqo5uCYybI7NeTF1tqkfKCdUUgIi8/cb2VJAjaUZA9u719NMIO+i/RNBY U+IJI1VviIIq3ix7NpipUWTP7x67J9JqGWeOy/IPgGlIivUmBmIeG+WXnWm+Rg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1708522994; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=MyiLWUa46bVGY2bVO2tSDoDnwkjbv1rHA6txLrmVmnY=; b=Jq8i9WNiWJLXH+h4TTEX6JaI7F8Q5OmK+aXpQR1mEDOuh0B1zPv9fBGPWnpPTMbIkQTTtX 93BAJp4MIQ0ncfbDrXlophrRdsUtQ4ypQUmzAXskpF3RYno62HA5pR9ceANDHLtnTnn9mn ycdT2Alrk/66VdsJlA0AGsYycoMr83B58vNxjtay2bfDDD4lUFPuQlARRDzr/yXIifNJTM Cz70u25KHKdtDeay8E66dLPYZuij3Q2d9VeYyCS3lBY9Utcty7czyEuul6JwLavT1OvSrR oWW1Zee5fl7ofASpjQKiHrFWMkWKYS3wcMB1YIJtkIQoqrI1aZM/CSazFOhfvw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1708522994; a=rsa-sha256; cv=none; b=pbi8vjFLs0klGLiXxELdOo7aptk7XDx+WbZI+bGLWgrgKmot4cMM1RAH+hziiRV9LC7jqd /SnokR4qVY3U9XOmAcYLcgo/iMWiTrTTuP4mEvsg7rdze7LVEldVlbrHPnOzViMBvkILgY nJ8PUN2Wj2zkty3oj7nYR2FjiQDB65NKa8+LXK7LQKQ2onhF5dpjxGMT5wF5oDXkuuMD0E ZBTuhIWczg9LjU7ibFFhBtNnwMOVUYkyhjijwCZgc4Dgxji7dXy5Meucqjkr/tPlIXX+1l r5UALegkzjKa6eZPokoqc899HlipjuHI+1D6WqlPRjpOJJo1wrjp+tPxN+aRQw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TfyCP5Wj8z14L2; Wed, 21 Feb 2024 13:43:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 41LDhD9J048335; Wed, 21 Feb 2024 13:43:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 41LDhDDf048332; Wed, 21 Feb 2024 13:43:13 GMT (envelope-from git) Date: Wed, 21 Feb 2024 13:43:13 GMT Message-Id: <202402211343.41LDhDDf048332@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Cy Schubert Subject: git: 5482dc8b9eaf - stable/14 - Heimdal: CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 5482dc8b9eaf455f4633a436460371f00fd1c355 Auto-Submitted: auto-generated The branch stable/14 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=5482dc8b9eaf455f4633a436460371f00fd1c355 commit 5482dc8b9eaf455f4633a436460371f00fd1c355 Author: Cy Schubert AuthorDate: 2024-02-14 20:04:30 +0000 Commit: Cy Schubert CommitDate: 2024-02-21 13:42:58 +0000 Heimdal: CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum Upstream's explanation of the problem: S4U2Self is an extension to Kerberos used in Active Directory to allow a service to request a kerberos ticket to itself from the Kerberos Key Distribution Center (KDC) for a non-Kerberos authenticated user (principal in Kerboros parlance). This is useful to allow internal code paths to be standardized around Kerberos. S4U2Proxy (constrained-delegation) is an extension of this mechanism allowing this impersonation to a second service over the network. It allows a privileged server that obtained a S4U2Self ticket to itself to then assert the identity of that principal to a second service and present itself as that principal to get services from the second service. There is a flaw in Samba's AD DC in the Heimdal KDC. When the Heimdal KDC checks the checksum that is placed on the S4U2Self packet by the server to protect the requested principal against modification, it does not confirm that the checksum algorithm that protects the user name (principal) in the request is keyed. This allows a man-in-the-middle attacker who can intercept the request to the KDC to modify the packet by replacing the user name (principal) in the request with any desired user name (principal) that exists in the KDC and replace the checksum protecting that name with a CRC32 checksum (which requires no prior knowledge to compute). This would allow a S4U2Self ticket requested on behalf of user name (principal) user@EXAMPLE.COM to any service to be changed to a S4U2Self ticket with a user name (principal) of Administrator@EXAMPLE.COM. This ticket would then contain the PAC of the modified user name (principal). Reported by: emaste Security: CVE-2018-16860 Obtained from: Upstream c6257cc2c (cherry picked from commit 24339377490f9e362d040712b534d2963decd2d7) --- crypto/heimdal/kdc/krb5tgs.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/crypto/heimdal/kdc/krb5tgs.c b/crypto/heimdal/kdc/krb5tgs.c index cde869522e23..cf1cd3dc1ad0 100644 --- a/crypto/heimdal/kdc/krb5tgs.c +++ b/crypto/heimdal/kdc/krb5tgs.c @@ -1892,6 +1892,13 @@ server_lookup: goto out; } + if (!krb5_checksum_is_keyed(context, self.cksum.cksumtype)) { + free_PA_S4U2Self(&self); + kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed checksum"); + ret = KRB5KRB_AP_ERR_INAPP_CKSUM; + goto out; + } + ret = _krb5_s4u2self_to_checksumdata(context, &self, &datack); if (ret) goto out;