[11726] in Kerberos-V5-bugs
[krbdev.mit.edu #6797] SVN Commit
daemon@ATHENA.MIT.EDU (Tom Yu via RT)
Tue Oct 5 18:32:39 2010
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Tom Yu via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6797@krbdev.mit.edu>
Message-ID: <rt-6797-33222.16.1182236027187@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6797'":;"'AdminCc of krbdev.mit.edu Ticket #6797'":;@MIT.EDU
Date: Tue, 5 Oct 2010 18:32:35 -0400 (EDT)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
pull up r24429 from trunk
------------------------------------------------------------------------
r24429 | tlyu | 2010-10-05 17:05:19 -0400 (Tue, 05 Oct 2010) | 14 lines
ticket: 6797
subject: CVE-2010-1322 KDC uninitialized pointer crash in authorization data handling (MITKRB5-SA-2010-006)
tags: pullup
target_version: 1.8.4
When the KDC receives certain TGS-REQ messages, it may dereference an
uninitialized pointer while processing authorization data, causing a
crash, or in rare cases, unauthorized information disclosure, ticket
modification, or execution of arbitrary code. The crash may be
triggered by legitimate requests.
Correctly implement the filtering of authorization data items to avoid
leaving uninitialized pointers when omitting items.
http://src.mit.edu/fisheye/changelog/krb5/?cs=24431
Commit By: tlyu
Revision: 24431
Changed Files:
U branches/krb5-1-8/src/kdc/kdc_authdata.c
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
