[17000] in Kerberos-V5-bugs
[krbdev.mit.edu #9159] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Tue Jan 28 22:25:01 2025
From: "Greg Hudson via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.3-2-2916910-1738121094-1153.9159-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9159":;
Date: Tue, 28 Jan 2025 22:24:54 -0500
MIME-Version: 1.0
Reply-To: rt-comment@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Tue Jan 28 22:24:54 2025: Request 9159 was acted upon.
Transaction: Ticket created by ghudson@mit.edu
Queue: krb5
Subject: git commit
Owner: ghudson@mit.edu
Requestors:
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9159 >
Prevent overflow when calculating ulog block size
In kdb_log.c:resize(), log an error and fail if the update size is
larger than the largest possible block size (2^16-1).
CVE-2025-24528:
In MIT krb5 release 1.7 and later with incremental propagation
enabled, an authenticated attacker can cause kadmind to write beyond
the end of the mapped region for the iprop log file, likely causing a
process crash.
[ghudson@mit.edu: edited commit message and added CVE description]
https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0
Author: Zoltan Borbely <Zoltan.Borbely@morganstanley.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 78ceba024b64d49612375be4a12d1c066b0bfbd0
Branch: master
src/lib/kdb/kdb_log.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
