Skip Menu |
 

From: tlyu@mit.edu
Subject: git commit

Multi-realm KDC null deref [CVE-2013-1418]

If a KDC serves multiple realms, certain requests can cause
setup_server_realm() to dereference a null pointer, crashing the KDC.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C

A related but more minor vulnerability requires authentication to
exploit, and is only present if a third-party KDC database module can
dereference a null pointer under certain conditions.

https://github.com/krb5/krb5/commit/5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf
Author: Tom Yu <tlyu@mit.edu>
Commit: 5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf
Branch: master
src/kdc/main.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Multi-realm KDC null deref [CVE-2013-1418]

If a KDC serves multiple realms, certain requests can cause
setup_server_realm() to dereference a null pointer, crashing the KDC.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C

A related but more minor vulnerability requires authentication to
exploit, and is only present if a third-party KDC database module can
dereference a null pointer under certain conditions.

(cherry picked from commit 5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf)

https://github.com/krb5/krb5/commit/ce16bc3788d0b4c57d7e7ce057e0736633bce962
Author: Tom Yu <tlyu@mit.edu>
Commit: ce16bc3788d0b4c57d7e7ce057e0736633bce962
Branch: krb5-1.12
src/kdc/main.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)