Date: Mon, 30 Mar 2015 17:00:21 +0200
From: Sebastian Krahmer <>
Subject: Re: CVS-Request: realmd code execution/auth bypass

On Wed, Mar 25, 2015 at 04:36:52PM -0400, wrote:
> > Upstream has opened two bugs for issues in realmd
> This initial response has a CVE ID only for the second one.
> > could lead to remote attackers logging into the local system
> > by placing an evil AD server in the LAN
> >
> Is upstream planning to announce this as a vulnerability fix? Although
> the old behavior was unsafe if there was any possibility of an
> untrusted device on the LAN, it appears that the old behavior had been
> intentional. For example, the old behavior may have been chosen as a
> security/convenience tradeoff. This example might be applicable:

Are CVEs only assigned if upstream is issuing fixes? The bug
entry reads as though there is something that needs fixing:

Attackers can pose as a legit realm (with the same name) so the admin is tricked into
joining a rogue AD, allowing an attacker to log into the machine.
The admin has no chance to know that he joined an evil AD which
has hijacked his legit realm-name.
Even when it's intentional that the join is automatic for convenience,
it should "somehow" be ensured that the legit AD servers are used.



~ perl
~ $_='print"\$_=\47$_\47;eval"';eval
~ - SuSE Security Team
