RT RT/krbdev.mit.edu: Ticket #5998 use-after-free bugs [CVE-2010-0629] Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
5998
Status
review
Worked
0 min
Priority
0/0
Queue
krb5
 

 Keyword Selections  
Component
Version_reported
Version_Fixed
  • 1.6.4
Target_Version
  • 1.6.4
Tags
  • pullup
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Thu Jun 26 23:33:24 2008
Starts: Not set
Started: Thu Jun 26 23:33:28 2008
Last Contact: Wed Jul 8 21:59:04 2009
Due: Not set
Updated: Wed Feb 24 22:25:57 2010 by tlyu
 

 People  
Owner
 raeburn
Requestors
 raeburn@mit.edu
Cc
 
AdminCc
 
 

 More about Ken Raeburn  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Thu Jun 26 23:33:24 2008  raeburn - Ticket created    
      
From: raeburn@mit.edu
Subject: SVN Commit


Fix some bugs with storage being used immediately after being freed.
None look like anything an attacker can really manipulate AFAICT.
Commit By: raeburn



Revision: 20485
Changed Files:
U   trunk/src/kadmin/server/server_stubs.c
U   trunk/src/kdc/network.c
U   trunk/src/lib/krb5/krb/mk_cred.c
U   trunk/src/slave/kprop.c

Download (untitled) 325b
      Thu Jun 26 23:33:28 2008  raeburn - Requestor raeburn@mit.edu added    
      Thu Jun 26 23:33:28 2008  raeburn - Status changed from new to resolved    
      Thu Jun 26 23:33:29 2008  raeburn - Tags pullup added    
      Thu Jun 26 23:33:29 2008  raeburn - Target_Version 1.6.4 added    
      Wed Jul  8 21:59:04 2009  tlyu - Status changed from resolved to review    
      Wed Jul  8 21:59:04 2009  tlyu - Version_Fixed 1.6.4 added    
      Wed Jul  8 21:59:04 2009  tlyu - Correspondence added    
      
From: tlyu@mit.edu
Subject: SVN Commit


pull up r20485 from trunk
 ------------------------------------------------------------------------
 r20485 | raeburn | 2008-06-26 23:33:14 -0400 (Thu, 26 Jun 2008) | 8 lines

 ticket: new
 target_version: 1.6.4
 tags: pullup
 subject: use-after-free bugs

 Fix some bugs with storage being used immediately after being freed.
 None look like anything an attacker can really manipulate AFAICT.

http://src.mit.edu/fisheye/changelog/krb5/?cs=22427
Commit By: tlyu
Revision: 22427
Changed Files:
U   branches/krb5-1-6/src/kadmin/server/server_stubs.c
U   branches/krb5-1-6/src/kdc/network.c
U   branches/krb5-1-6/src/lib/krb5/krb/mk_cred.c
U   branches/krb5-1-6/src/slave/kprop.c

Download (untitled) 679b
      Wed Feb 24 22:25:57 2010  tlyu - Subject changed from use-after-free bugs to use-after-free bugs [CVE-2010-0629]    
      Wed Feb 24 22:25:57 2010  tlyu - Comments added    
      
Assigned CVE-2010-0629 to the kadmind issue; it can cause a denial of service (but
requires
authentication).  Also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567052

CVSSv2 metrics:

AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C

http://nvd.nist.gov/cvss.cfm?
calculator&adv&version=2&vector=(AV:N/AC:L/Au:S/C:N/I:N/A:C/E:P/RL:O/RC:C)

Download (untitled) 339b