[MEDIUM] Patch krb5 for CVE-2025-3576 (#14092)

Author: archana25-ms

SPECS/krb5/CVE-2025-3576.patch

@@ -0,0 +1,341 @@
+From 246f4b4deab5c635063d49c3d41951a7ab4a3a59 Mon Sep 17 00:00:00 2001
+From: archana25-ms <v-shettigara@microsoft.com>
+Date: Tue, 24 Jun 2025 12:44:27 +0000
+Subject: [PATCH] Address CVE-2025-3576
+Upstream Patch Reference:
+1. https://github.com/krb5/krb5/commit/1b57a4d134bbd0e7c52d5885a92eccc815726463
+2. https://github.com/krb5/krb5/commit/2cbd847e0e92bc4e219b65c770ae33f851b22afc
+
+
+---
+ doc/admin/conf_files/krb5_conf.rst | 12 ++++++++++++
+ doc/admin/enctypes.rst             | 23 +++++++++++++++++++---
+ src/include/k5-int.h               |  4 ++++
+ src/kdc/kdc_util.c                 | 14 ++++++++++++++
+ src/lib/krb5/krb/get_in_tkt.c      | 31 +++++++++++++++++++-----------
+ src/lib/krb5/krb/init_ctx.c        | 10 ++++++++++
+ src/tests/gssapi/t_enctypes.py     |  3 ++-
+ src/tests/t_etype_info.py          |  2 +-
+ src/tests/t_keyrollover.py         |  6 +++---
+ src/tests/t_sesskeynego.py         | 28 +++++++++++++++++++++++++--
+ src/util/k5test.py                 |  4 ++--
+ 11 files changed, 114 insertions(+), 23 deletions(-)
+
+diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
+index 6751759..e95fc53 100644
+--- a/doc/admin/conf_files/krb5_conf.rst
++++ b/doc/admin/conf_files/krb5_conf.rst
+@@ -95,6 +95,18 @@ Additionally, krb5.conf may include any of the relations described in
+ 
+ The libdefaults section may contain any of the following relations:
+ 
++**allow_des3**
++    Permit the KDC to issue tickets with des3-cbc-sha1 session keys.
++    In future releases, this flag will allow des3-cbc-sha1 to be used
++    at all.  The default value for this tag is false.  (Added in
++    release 1.21.)
++
++**allow_rc4**
++    Permit the KDC to issue tickets with arcfour-hmac session keys.
++    In future releases, this flag will allow arcfour-hmac to be used
++    at all.  The default value for this tag is false.  (Added in
++    release 1.21.)
++
+ **allow_weak_crypto**
+     If this flag is set to false, then weak encryption types (as noted
+     in :ref:`Encryption_types` in :ref:`kdc.conf(5)`) will be filtered
+diff --git a/doc/admin/enctypes.rst b/doc/admin/enctypes.rst
+index 694922c..dce19ad 100644
+--- a/doc/admin/enctypes.rst
++++ b/doc/admin/enctypes.rst
+@@ -48,12 +48,15 @@ Session key selection
+ The KDC chooses the session key enctype by taking the intersection of
+ its **permitted_enctypes** list, the list of long-term keys for the
+ most recent kvno of the service, and the client's requested list of
+-enctypes.
++enctypes.  Starting in krb5-1.21, all services are assumed to support
++aes256-cts-hmac-sha1-96; also, des3-cbc-sha1 and arcfour-hmac session
++keys will not be issued by default.
+ 
+ Starting in krb5-1.11, it is possible to set a string attribute on a
+ service principal to control what session key enctypes the KDC may
+-issue for service tickets for that principal.  See :ref:`set_string`
+-in :ref:`kadmin(1)` for details.
++issue for service tickets for that principal, overriding the service's
++long-term keys and the assumption of aes256-cts-hmac-sha1-96 support.
++See :ref:`set_string` in :ref:`kadmin(1)` for details.
+ 
+ 
+ Choosing enctypes for a service
+@@ -87,6 +90,20 @@ affect how enctypes are chosen.
+     acceptable risk for your environment and the weak enctypes are
+     required for backward compatibility.
+ 
++**allow_des3**
++    was added in release 1.21 and defaults to *false*.  Unless this
++    flag is set to *true*, the KDC will not issue tickets with
++    des3-cbc-sha1 session keys.  In a future release, this flag will
++    control whether des3-cbc-sha1 is permitted in similar fashion to
++    weak enctypes.
++
++**allow_rc4**
++    was added in release 1.21 and defaults to *false*.  Unless this
++    flag is set to *true*, the KDC will not issue tickets with
++    arcfour-hmac session keys.  In a future release, this flag will
++    control whether arcfour-hmac is permitted in similar fashion to
++    weak enctypes.
++
+ **permitted_enctypes**
+     controls the set of enctypes that a service will permit for
+     session keys and for ticket and authenticator encryption.  The KDC
+diff --git a/src/include/k5-int.h b/src/include/k5-int.h
+index cf52425..e778340 100644
+--- a/src/include/k5-int.h
++++ b/src/include/k5-int.h
+@@ -180,6 +180,8 @@ typedef unsigned char   u_char;
+  * matches the variable name.  Keep these alphabetized. */
+ #define KRB5_CONF_ACL_FILE                     "acl_file"
+ #define KRB5_CONF_ADMIN_SERVER                 "admin_server"
++#define KRB5_CONF_ALLOW_DES3                   "allow_des3"
++#define KRB5_CONF_ALLOW_RC4                    "allow_rc4"
+ #define KRB5_CONF_ALLOW_WEAK_CRYPTO            "allow_weak_crypto"
+ #define KRB5_CONF_AUTH_TO_LOCAL                "auth_to_local"
+ #define KRB5_CONF_AUTH_TO_LOCAL_NAMES          "auth_to_local_names"
+@@ -1257,6 +1259,8 @@ struct _krb5_context {
+     struct _kdb_log_context *kdblog_context;
+ 
+     krb5_boolean allow_weak_crypto;
++    krb5_boolean allow_des3;
++    krb5_boolean allow_rc4;
+     krb5_boolean ignore_acceptor_hostname;
+     krb5_boolean enforce_ok_as_delegate;
+     enum dns_canonhost dns_canonicalize_hostname;
+diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
+index 60f30c4..866bc2c 100644
+--- a/src/kdc/kdc_util.c
++++ b/src/kdc/kdc_util.c
+@@ -929,6 +929,10 @@ dbentry_supports_enctype(kdc_realm_t *kdc_active_realm, krb5_db_entry *server,
+     free(etypes_str);
+     free(etypes);
+ 
++    /* Assume every server without a session_enctypes attribute supports
++     * aes256-cts-hmac-sha1-96. */
++    if (enctype == ENCTYPE_AES256_CTS_HMAC_SHA1_96)
++        return TRUE;
+     /* Assume the server supports any enctype it has a long-term key for. */
+     return !krb5_dbe_find_enctype(kdc_context, server, enctype, -1, 0, &datap);
+ }
+@@ -951,6 +955,16 @@ select_session_keytype(kdc_realm_t *kdc_active_realm, krb5_db_entry *server,
+         if (!krb5_is_permitted_enctype(kdc_context, ktype[i]))
+             continue;
+ 
++        /*
++         * Prevent these deprecated enctypes from being used as session keys
++         * unless they are explicitly allowed.  In the future they will be more
++         * comprehensively disabled and eventually removed.
++         */
++        if (ktype[i] == ENCTYPE_DES3_CBC_SHA1 && !kdc_context->allow_des3)
++            continue;
++        if (ktype[i] == ENCTYPE_ARCFOUR_HMAC && !kdc_context->allow_rc4)
++            continue;
++
+         if (dbentry_supports_enctype(kdc_active_realm, server, ktype[i]))
+             return ktype[i];
+     }
+diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
+index 5695187..71e610e 100644
+--- a/src/lib/krb5/krb/get_in_tkt.c
++++ b/src/lib/krb5/krb/get_in_tkt.c
+@@ -1589,22 +1589,31 @@ warn_pw_expiry(krb5_context context, krb5_get_init_creds_opt *options,
+     (*prompter)(context, data, 0, banner, 0, 0);
+ }
+ 
+-/* Display a warning via the prompter if des3-cbc-sha1 was used for either the
+- * reply key or the session key. */
++/* Display a warning via the prompter if a deprecated enctype was used for
++ * either the reply key or the session key. */
+ static void
+-warn_des3(krb5_context context, krb5_init_creds_context ctx,
+-          krb5_enctype as_key_enctype)
++warn_deprecated(krb5_context context, krb5_init_creds_context ctx,
++                krb5_enctype as_key_enctype)
+ {
+-    const char *banner;
++    krb5_enctype etype;
++    char encbuf[128], banner[256];
+ 
+-    if (as_key_enctype != ENCTYPE_DES3_CBC_SHA1 &&
+-        ctx->cred.keyblock.enctype != ENCTYPE_DES3_CBC_SHA1)
+-        return;
+     if (ctx->prompter == NULL)
+         return;
+ 
+-    banner = _("Warning: encryption type des3-cbc-sha1 used for "
+-               "authentication is weak and will be disabled");
++    if (krb5int_c_deprecated_enctype(as_key_enctype))
++        etype = as_key_enctype;
++    else if (krb5int_c_deprecated_enctype(ctx->cred.keyblock.enctype))
++        etype = ctx->cred.keyblock.enctype;
++    else
++        return;
++
++    if (krb5_enctype_to_name(etype, FALSE, encbuf, sizeof(encbuf)) != 0)
++        return;
++    snprintf(banner, sizeof(banner),
++             _("Warning: encryption type %s used for authentication is "
++               "deprecated and will be disabled"), encbuf);
++
+     /* PROMPTER_INVOCATION */
+     (*ctx->prompter)(context, ctx->prompter_data, NULL, banner, 0, NULL);
+ }
+@@ -1822,7 +1831,7 @@ init_creds_step_reply(krb5_context context,
+     ctx->complete = TRUE;
+     warn_pw_expiry(context, ctx->opt, ctx->prompter, ctx->prompter_data,
+                    ctx->in_tkt_service, ctx->reply);
+-    warn_des3(context, ctx, encrypting_key.enctype);
++    warn_deprecated(context, ctx, encrypting_key.enctype);
+ 
+ cleanup:
+     krb5_free_pa_data(context, kdc_padata);
+diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
+index aa35baa..f8de175 100644
+--- a/src/lib/krb5/krb/init_ctx.c
++++ b/src/lib/krb5/krb/init_ctx.c
+@@ -227,6 +227,16 @@ krb5_init_context_profile(profile_t profile, krb5_flags flags,
+         goto cleanup;
+     ctx->allow_weak_crypto = tmp;
+ 
++    retval = get_boolean(ctx, KRB5_CONF_ALLOW_DES3, 0, &tmp);
++    if (retval)
++        goto cleanup;
++    ctx->allow_des3 = tmp;
++
++    retval = get_boolean(ctx, KRB5_CONF_ALLOW_RC4, 0, &tmp);
++    if (retval)
++        goto cleanup;
++    ctx->allow_rc4 = tmp;
++
+     retval = get_boolean(ctx, KRB5_CONF_IGNORE_ACCEPTOR_HOSTNAME, 0, &tmp);
+     if (retval)
+         goto cleanup;
+diff --git a/src/tests/gssapi/t_enctypes.py b/src/tests/gssapi/t_enctypes.py
+index 7494d7f..f5f1184 100755
+--- a/src/tests/gssapi/t_enctypes.py
++++ b/src/tests/gssapi/t_enctypes.py
+@@ -18,7 +18,8 @@ d_rc4 = 'DEPRECATED:arcfour-hmac'
+ # These tests make assumptions about the default enctype lists, so set
+ # them explicitly rather than relying on the library defaults.
+ supp='aes256-cts:normal aes128-cts:normal des3-cbc-sha1:normal rc4-hmac:normal'
+-conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4'},
++conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4',
++                        'allow_des3': 'true', 'allow_rc4': 'true'},
+         'realms': {'$realm': {'supported_enctypes': supp}}}
+ realm = K5Realm(krb5_conf=conf)
+ shutil.copyfile(realm.ccache, os.path.join(realm.testdir, 'save'))
+diff --git a/src/tests/t_etype_info.py b/src/tests/t_etype_info.py
+index c982508..38cf96c 100644
+--- a/src/tests/t_etype_info.py
++++ b/src/tests/t_etype_info.py
+@@ -1,7 +1,7 @@
+ from k5test import *
+ 
+ supported_enctypes = 'aes128-cts des3-cbc-sha1 rc4-hmac'
+-conf = {'libdefaults': {'allow_weak_crypto': 'true'},
++conf = {'libdefaults': {'allow_des3': 'true', 'allow_rc4': 'true'},
+         'realms': {'$realm': {'supported_enctypes': supported_enctypes}}}
+ realm = K5Realm(create_host=False, get_creds=False, krb5_conf=conf)
+ 
+diff --git a/src/tests/t_keyrollover.py b/src/tests/t_keyrollover.py
+index 2c825a6..e9840df 100755
+--- a/src/tests/t_keyrollover.py
++++ b/src/tests/t_keyrollover.py
+@@ -22,9 +22,9 @@ realm.run([kvno, princ1])
+ realm.run([kadminl, 'purgekeys', realm.krbtgt_princ])
+ # Make sure an old TGT fails after purging old TGS key.
+ realm.run([kvno, princ2], expected_code=1)
+-et = "aes128-cts-hmac-sha256-128"
+-msg = 'krbtgt/%s@%s\n\tEtype (skey, tkt): %s, %s' % \
+-    (realm.realm, realm.realm, et, et)
++msg = 'krbtgt/%s@%s\n\tEtype (skey, tkt): ' \
++    'aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha256-128' % \
++    (realm.realm, realm.realm)
+ realm.run([klist, '-e'], expected_msg=msg)
+ 
+ # Check that new key actually works.
+diff --git a/src/tests/t_sesskeynego.py b/src/tests/t_sesskeynego.py
+index 9024aee..5a21361 100755
+--- a/src/tests/t_sesskeynego.py
++++ b/src/tests/t_sesskeynego.py
+@@ -25,6 +25,8 @@ conf3 = {'libdefaults': {
+         'default_tkt_enctypes': 'aes128-cts',
+         'default_tgs_enctypes': 'rc4-hmac,aes128-cts'}}
+ conf4 = {'libdefaults': {'permitted_enctypes': 'aes256-cts'}}
++conf5 = {'libdefaults': {'allow_rc4': 'true'}}
++conf6 = {'libdefaults': {'allow_des3': 'true'}}
+ # Test with client request and session_enctypes preferring aes128, but
+ # aes256 long-term key.
+ realm = K5Realm(krb5_conf=conf1, create_host=False, get_creds=False)
+@@ -54,10 +56,12 @@ realm.run([kadminl, 'setstr', 'server', 'session_enctypes',
+            'aes128-cts,aes256-cts'])
+ test_kvno(realm, 'aes128-cts-hmac-sha1-96', 'aes256-cts-hmac-sha1-96')
+ 
+-# 3b: Negotiate rc4-hmac session key when principal only has aes256 long-term.
++# 3b: Skip RC4 (as the KDC does not allow it for session keys by
++# default) and negotiate aes128-cts session key, with only an aes256
++# long-term service key.
+ realm.run([kadminl, 'setstr', 'server', 'session_enctypes',
+            'rc4-hmac,aes128-cts,aes256-cts'])
+-test_kvno(realm, 'DEPRECATED:arcfour-hmac', 'aes256-cts-hmac-sha1-96')
++test_kvno(realm, 'aes128-cts-hmac-sha1-96', 'aes256-cts-hmac-sha1-96')
+ realm.stop()
+ 
+ # 4: Check that permitted_enctypes is a default for session key enctypes.
+@@ -67,4 +71,24 @@ realm.run([kvno, 'user'],
+           expected_trace=('etypes requested in TGS request: aes256-cts',))
+ realm.stop()
+ 
++# 5: allow_rc4 permits negotiation of rc4-hmac session key.
++realm = K5Realm(krb5_conf=conf5, create_host=False, get_creds=False)
++realm.run([kadminl, 'addprinc', '-randkey', '-e', 'aes256-cts', 'server'])
++realm.run([kadminl, 'setstr', 'server', 'session_enctypes', 'rc4-hmac'])
++test_kvno(realm, 'DEPRECATED:arcfour-hmac', 'aes256-cts-hmac-sha1-96')
++realm.stop()
++
++# 6: allow_des3 permits negotiation of des3-cbc-sha1 session key.
++realm = K5Realm(krb5_conf=conf6, create_host=False, get_creds=False)
++realm.run([kadminl, 'addprinc', '-randkey', '-e', 'aes256-cts', 'server'])
++realm.run([kadminl, 'setstr', 'server', 'session_enctypes', 'des3-cbc-sha1'])
++test_kvno(realm, 'DEPRECATED:des3-cbc-sha1', 'aes256-cts-hmac-sha1-96')
++realm.stop()
++
++# 7: default config negotiates aes256-sha1 session key for RC4-only service.
++realm = K5Realm(create_host=False, get_creds=False)
++realm.run([kadminl, 'addprinc', '-randkey', '-e', 'rc4-hmac', 'server'])
++test_kvno(realm, 'aes256-cts-hmac-sha1-96', 'DEPRECATED:arcfour-hmac')
++realm.stop()
++
+ success('sesskeynego')
+diff --git a/src/util/k5test.py b/src/util/k5test.py
+index 6afe4b9..bdad1e6 100644
+--- a/src/util/k5test.py
++++ b/src/util/k5test.py
+@@ -1280,14 +1280,14 @@ _passes = [
+ 
+     # Exercise the DES3 enctype.
+     ('des3', None,
+-     {'libdefaults': {'permitted_enctypes': 'des3'}},
++     {'libdefaults': {'permitted_enctypes': 'des3 aes256-sha1'}},
+      {'realms': {'$realm': {
+                     'supported_enctypes': 'des3-cbc-sha1:normal',
+                     'master_key_type': 'des3-cbc-sha1'}}}),
+ 
+     # Exercise the arcfour enctype.
+     ('arcfour', None,
+-     {'libdefaults': {'permitted_enctypes': 'rc4'}},
++     {'libdefaults': {'permitted_enctypes': 'rc4 aes256-sha1'}},
+      {'realms': {'$realm': {
+                     'supported_enctypes': 'arcfour-hmac:normal',
+                     'master_key_type': 'arcfour-hmac'}}}),
+-- 
+2.45.3
+

SPECS/krb5/krb5.spec

@@ -5,7 +5,7 @@ Summary:        The Kerberos newtork authentication system
 Name:           krb5
 Epoch:          1
 Version:        1.19.4
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -16,6 +16,7 @@ Source1:        krb5.conf
 Patch0:         CVE-2023-36054.patch
 Patch1:         CVE-2024-26461.patch
 Patch2:         CVE-2024-37370.patch
+Patch3:         CVE-2025-3576.patch
 BuildRequires:  e2fsprogs-devel
 BuildRequires:  openssl-devel
 Requires:       e2fsprogs-libs
@@ -130,6 +131,9 @@ make check
 %{_datarootdir}/locale/*
 
 %changelog
+* Tue Jun 24 2025 Archana Shettigar <v-shettigara@microsoft.com> - 1:1.19.4-4
+- Patch CVE-2025-3576
+
 * Thu Sep 12 2024 Adit Jha <aditjha@microsoft.com> - 1:1.19.4-3
 - Revert to 1.19.4, add epoch and add patch for CVE-2024-37371 and CVE-2024-37370
 

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -188,7 +188,7 @@ libsolv-0.7.24-1.cm2.aarch64.rpm
 libsolv-devel-0.7.24-1.cm2.aarch64.rpm
 libssh2-1.9.0-4.cm2.aarch64.rpm
 libssh2-devel-1.9.0-4.cm2.aarch64.rpm
-krb5-1.19.4-3.cm2.aarch64.rpm
+krb5-1.19.4-4.cm2.aarch64.rpm
 nghttp2-1.57.0-2.cm2.aarch64.rpm
 curl-8.8.0-6.cm2.aarch64.rpm
 curl-devel-8.8.0-6.cm2.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -188,7 +188,7 @@ libsolv-0.7.24-1.cm2.x86_64.rpm
 libsolv-devel-0.7.24-1.cm2.x86_64.rpm
 libssh2-1.9.0-4.cm2.x86_64.rpm
 libssh2-devel-1.9.0-4.cm2.x86_64.rpm
-krb5-1.19.4-3.cm2.x86_64.rpm
+krb5-1.19.4-4.cm2.x86_64.rpm
 nghttp2-1.57.0-2.cm2.x86_64.rpm
 curl-8.8.0-6.cm2.x86_64.rpm
 curl-devel-8.8.0-6.cm2.x86_64.rpm