Skip Menu |
 

From: tlyu@mit.edu
Subject: SVN Commit

When the KDC receives certain TGS-REQ messages, it may dereference an
uninitialized pointer while processing authorization data, causing a
crash, or in rare cases, unauthorized information disclosure, ticket
modification, or execution of arbitrary code. The crash may be
triggered by legitimate requests.

Correctly implement the filtering of authorization data items to avoid
leaving uninitialized pointers when omitting items.

https://github.com/krb5/krb5/commit/26ff86b99636dfd136d93b5cc7e50623be4d70fa
Commit By: tlyu
Revision: 24429
Changed Files:
U trunk/src/kdc/kdc_authdata.c
From: tlyu@mit.edu
Subject: SVN Commit

pull up r24429 from trunk

------------------------------------------------------------------------
r24429 | tlyu | 2010-10-05 17:05:19 -0400 (Tue, 05 Oct 2010) | 14 lines

ticket: 6797
subject: CVE-2010-1322 KDC uninitialized pointer crash in authorization data handling (MITKRB5-SA-2010-006)
tags: pullup
target_version: 1.8.4

When the KDC receives certain TGS-REQ messages, it may dereference an
uninitialized pointer while processing authorization data, causing a
crash, or in rare cases, unauthorized information disclosure, ticket
modification, or execution of arbitrary code. The crash may be
triggered by legitimate requests.

Correctly implement the filtering of authorization data items to avoid
leaving uninitialized pointers when omitting items.

https://github.com/krb5/krb5/commit/315147a989c6fde20e09a69711fda1bc5cc5fcaa
Commit By: tlyu
Revision: 24431
Changed Files:
U branches/krb5-1-8/src/kdc/kdc_authdata.c