Skip Menu |
 

From: tlyu@mit.edu
Subject: SVN Commit

pull up r23832 from trunk

------------------------------------------------------------------------
r23832 | tlyu | 2010-03-23 14:53:52 -0400 (Tue, 23 Mar 2010) | 8 lines

ticket: 6690
target_version: 1.8.1
tags: pullup
subject: MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO

The SPNEGO implementation in krb5-1.7 and later could crash due to
assertion failure when receiving some sorts of invalid GSS-API tokens.

https://github.com/krb5/krb5/commit/9c0f73bd27b7778435f32e8c5dbec97ffb00109e
Commit By: tlyu
Revision: 23850
Changed Files:
U branches/krb5-1-7/src/lib/gssapi/spnego/spnego_mech.c