RT RT/krbdev.mit.edu: Ticket #6797 CVE-2010-1322 KDC uninitialized pointer crash in authorization data handling (MITKRB5-SA-2010-006) Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
6797
Status
resolved
Worked
0 min
Priority
0/0
Queue
krb5
 

 Keyword Selections  
Component
Tags
Version_reported
Version_Fixed
  • 1.8.4
Target_Version
  • 1.8.4
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Tue Oct 5 17:05:19 2010
Starts: Not set
Started: Tue Oct 5 17:05:20 2010
Last Contact: Not set
Due: Not set
Updated: Wed Dec 16 18:02:56 2015 by tlyu
 

 People  
Owner
 tlyu
Requestors
 tlyu@mit.edu
Cc
 
AdminCc
 
 

 More about Taylor Yu  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Tue Oct  5 17:05:19 2010  tlyu - Ticket created    
     
From: tlyu@mit.edu
Subject: SVN Commit


When the KDC receives certain TGS-REQ messages, it may dereference an
uninitialized pointer while processing authorization data, causing a
crash, or in rare cases, unauthorized information disclosure, ticket
modification, or execution of arbitrary code.  The crash may be
triggered by legitimate requests.

Correctly implement the filtering of authorization data items to avoid
leaving uninitialized pointers when omitting items.

https://github.com/krb5/krb5/commit/26ff86b99636dfd136d93b5cc7e50623be4d70fa
Commit By: tlyu
Revision: 24429
Changed Files:
U   trunk/src/kdc/kdc_authdata.c


Download (untitled) 589b
      Tue Oct  5 17:05:20 2010  tlyu - Requestor tlyu@mit.edu added    
      Tue Oct  5 17:05:20 2010  tlyu - Status changed from new to review    
      Tue Oct  5 17:05:20 2010  tlyu - Tags pullup added    
      Tue Oct  5 18:32:35 2010  tlyu - Status changed from review to resolved    
      Tue Oct  5 18:32:35 2010  tlyu - Correspondence added    
     
From: tlyu@mit.edu
Subject: SVN Commit


pull up r24429 from trunk

 ------------------------------------------------------------------------
 r24429 | tlyu | 2010-10-05 17:05:19 -0400 (Tue, 05 Oct 2010) | 14 lines

 ticket: 6797
 subject: CVE-2010-1322 KDC uninitialized pointer crash in authorization data
handling (MITKRB5-SA-2010-006)
 tags: pullup
 target_version: 1.8.4

 When the KDC receives certain TGS-REQ messages, it may dereference an
 uninitialized pointer while processing authorization data, causing a
 crash, or in rare cases, unauthorized information disclosure, ticket
 modification, or execution of arbitrary code.  The crash may be
 triggered by legitimate requests.

 Correctly implement the filtering of authorization data items to avoid
 leaving uninitialized pointers when omitting items.

https://github.com/krb5/krb5/commit/315147a989c6fde20e09a69711fda1bc5cc5fcaa
Commit By: tlyu
Revision: 24431
Changed Files:
U   branches/krb5-1-8/src/kdc/kdc_authdata.c


Download (untitled) 944b
      Thu Oct  7 17:28:54 2010  tlyu - Version_Fixed 1.8.4 added    
      Thu Oct  7 17:28:54 2010  tlyu - Target_Version 1.8.4 added    
      Wed Dec 16 18:02:56 2015  tlyu - Keyword pullup deleted