Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) From: tlyu@mit.edu Subject: SVN Commit RT-Send-CC: X-RT-Original-Encoding: iso-8859-1 Content-Length: 944 pull up r24429 from trunk ------------------------------------------------------------------------ r24429 | tlyu | 2010-10-05 17:05:19 -0400 (Tue, 05 Oct 2010) | 14 lines ticket: 6797 subject: CVE-2010-1322 KDC uninitialized pointer crash in authorization data handling (MITKRB5-SA-2010-006) tags: pullup target_version: 1.8.4 When the KDC receives certain TGS-REQ messages, it may dereference an uninitialized pointer while processing authorization data, causing a crash, or in rare cases, unauthorized information disclosure, ticket modification, or execution of arbitrary code. The crash may be triggered by legitimate requests. Correctly implement the filtering of authorization data items to avoid leaving uninitialized pointers when omitting items. https://github.com/krb5/krb5/commit/315147a989c6fde20e09a69711fda1bc5cc5fcaa Commit By: tlyu Revision: 24431 Changed Files: U branches/krb5-1-8/src/kdc/kdc_authdata.c