Ticket History #5998: use-after-free bugs [CVE-2010-0629]

# Thu Jun 26 23:33:24 2008 raeburn (Ken Raeburn) - Ticket created

From:	raeburn@mit.edu
Subject:	SVN Commit

Download (untitled) / with headers
text/plain 325B

Fix some bugs with storage being used immediately after being freed.
None look like anything an attacker can really manipulate AFAICT.
Commit By: raeburn

Revision: 20485
Changed Files:
U trunk/src/kadmin/server/server_stubs.c
U trunk/src/kdc/network.c
U trunk/src/lib/krb5/krb/mk_cred.c
U trunk/src/slave/kprop.c

# Thu Jun 26 23:33:28 2008 raeburn (Ken Raeburn) - Requestor raeburn (Ken Raeburn) added

# Thu Jun 26 23:33:28 2008 raeburn (Ken Raeburn) - Status changed from 'new' to 'resolved'

# Thu Jun 26 23:33:29 2008 raeburn (Ken Raeburn) - Tags pullup added

# Thu Jun 26 23:33:29 2008 raeburn (Ken Raeburn) - Target_Version 1.6.4 added

# Wed Jul 08 21:59:04 2009 tlyu (Taylor Yu) - Status changed from 'resolved' to 'review'

# Wed Jul 08 21:59:04 2009 tlyu (Taylor Yu) - Version_Fixed 1.6.4 added

# Wed Jul 08 21:59:04 2009 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	SVN Commit

Download (untitled) / with headers
text/plain 704B

pull up r20485 from trunk
------------------------------------------------------------------------
r20485 | raeburn | 2008-06-26 23:33:14 -0400 (Thu, 26 Jun 2008) | 8 lines

ticket: new
target_version: 1.6.4
tags: pullup
subject: use-after-free bugs

Fix some bugs with storage being used immediately after being freed.
None look like anything an attacker can really manipulate AFAICT.

https://github.com/krb5/krb5/commit/babf3f6cbb1c508e66e4431527e55be8d02eeac8
Commit By: tlyu
Revision: 22427
Changed Files:
U branches/krb5-1-6/src/kadmin/server/server_stubs.c
U branches/krb5-1-6/src/kdc/network.c
U branches/krb5-1-6/src/lib/krb5/krb/mk_cred.c
U branches/krb5-1-6/src/slave/kprop.c

# Wed Feb 24 22:25:57 2010 tlyu (Taylor Yu) - Subject changed from 'use-after-free bugs' to 'use-after-free bugs [CVE-2010-0629]'

# Wed Feb 24 22:25:57 2010 tlyu (Taylor Yu) - Comments added

Download (untitled) / with headers
text/plain 339B

Assigned CVE-2010-0629 to the kadmind issue; it can cause a denial of service (but requires
authentication). Also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567052

CVSSv2 metrics:

AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C

http://nvd.nist.gov/cvss.cfm?
calculator&adv&version=2&vector=(AV:N/AC:L/Au:S/C:N/I:N/A:C/E:P/RL:O/RC:C)

# Wed Dec 16 18:02:52 2015 tlyu (Taylor Yu) - CustomField pullup deleted

# Sun Sep 24 20:39:51 2017 ghudson@mit.edu (Greg Hudson) - Status changed from 'review' to 'resolved'