Skip Menu |
 

From: tlyu@mit.edu
Subject: SVN Commit

The SPNEGO implementation in krb5-1.7 and later could crash due to
assertion failure when receiving some sorts of invalid GSS-API tokens.

https://github.com/krb5/krb5/commit/5870741b66ecc00855198642342da76bf74c3078
Commit By: tlyu
Revision: 23832
Changed Files:
U trunk/src/lib/gssapi/spnego/spnego_mech.c
From: tlyu@mit.edu
Subject: SVN Commit

pull up r23832 from trunk

------------------------------------------------------------------------
r23832 | tlyu | 2010-03-23 11:53:52 -0700 (Tue, 23 Mar 2010) | 8 lines

ticket: 6690
target_version: 1.8.1
tags: pullup
subject: MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO

The SPNEGO implementation in krb5-1.7 and later could crash due to
assertion failure when receiving some sorts of invalid GSS-API tokens.

https://github.com/krb5/krb5/commit/8096a4aa162f87aaf2129a7300a3645518074b13
Commit By: tlyu
Revision: 23833
Changed Files:
U branches/krb5-1-8/src/lib/gssapi/spnego/spnego_mech.c