[11725] in Kerberos-V5-bugs

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[krbdev.mit.edu #6797] SVN Commit

daemon@ATHENA.MIT.EDU (Tom Yu via RT)
Tue Oct 5 17:05:22 2010

Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Tom Yu via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6797@krbdev.mit.edu>
Message-ID: <rt-6797-33216.3.03517558688576@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6797'":;"'AdminCc of krbdev.mit.edu Ticket #6797'":;@MIT.EDU
Date: Tue,  5 Oct 2010 17:05:20 -0400 (EDT)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu


When the KDC receives certain TGS-REQ messages, it may dereference an
uninitialized pointer while processing authorization data, causing a
crash, or in rare cases, unauthorized information disclosure, ticket
modification, or execution of arbitrary code.  The crash may be
triggered by legitimate requests.

Correctly implement the filtering of authorization data items to avoid
leaving uninitialized pointers when omitting items.

http://src.mit.edu/fisheye/changelog/krb5/?cs=24429
Commit By: tlyu
Revision: 24429
Changed Files:
U   trunk/src/kdc/kdc_authdata.c

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs

home	help	back	first	fref	pref	prev	next	nref	lref	last	post