From: tlyu@mit.edu
Subject: git commit

Check for null kadm5 policy name [CVE-2015-8630]

In kadm5_create_principal_3() and kadm5_modify_principal(), check for
entry->policy being null when KADM5_POLICY is included in the mask.

CVE-2015-8630:

In MIT krb5 1.12 and later, an authenticated attacker with permission
to modify a principal entry can cause kadmind to dereference a null
pointer by supplying a null policy value but including KADM5_POLICY in
the mask.

    CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C

(cherry picked from commit b863de7fbf080b15e347a736fdda0a82d42f4f6b)

https://github.com/krb5/krb5/commit/46ed05100ed8b0a82e047089cec94147ff471fb1
Author: Greg Hudson
Committer: Tom Yu
Commit: 46ed05100ed8b0a82e047089cec94147ff471fb1
Branch: krb5-1.14

 src/lib/kadm5/srv/svr_principal.c | 12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)
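
The class of bug this commit addresses, shown as an added example that is not the krb5 patch or MIT's code: a request carries a field mask plus pointer fields, and the handler has to reject a mask bit whose pointer is null before any later code dereferences it. All names here (`princ_req`, `REQ_POLICY`, `check_request`, the policy list) are hypothetical, and the inputs are constructed.

```c
/* Added illustration with hypothetical names; not the krb5 source. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define REQ_POLICY 0x01u    /* caller claims the "policy" field is present */

enum { REQ_OK = 0, REQ_BAD_MASK = 1, REQ_UNKNOWN_POLICY = 2 };

struct princ_req {          /* simplified stand-in for a principal entry */
    const char *name;
    const char *policy;     /* can be NULL after decoding a remote request */
};

static const char *known_policies[] = { "default", "admin" };

/* Lookup that dereferences its argument: passing NULL here is the crash. */
static int policy_exists(const char *p)
{
    for (size_t i = 0; i < sizeof known_policies / sizeof *known_policies; i++)
        if (strcmp(known_policies[i], p) == 0)
            return 1;
    return 0;
}

/* Check mask/field consistency first, so the lookup never sees NULL. */
int check_request(const struct princ_req *req, unsigned mask)
{
    if (req == NULL || req->name == NULL)
        return REQ_BAD_MASK;
    if ((mask & REQ_POLICY) && req->policy == NULL)
        return REQ_BAD_MASK;            /* flag set but value missing */
    if ((mask & REQ_POLICY) && !policy_exists(req->policy))
        return REQ_UNKNOWN_POLICY;
    return REQ_OK;                      /* policy ignored when flag is clear */
}

int main(void)
{
    struct princ_req bad = { "alice", NULL };       /* constructed input */
    struct princ_req ok  = { "alice", "default" };  /* constructed input */
    printf("null policy, flag set:  %d\n", check_request(&bad, REQ_POLICY));
    printf("valid policy, flag set: %d\n", check_request(&ok, REQ_POLICY));
    return 0;
}
```
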