git.tremily.us Git - krb5.git/commit

author	Tom Yu <tlyu@mit.edu>
	Tue, 5 Oct 2010 21:05:19 +0000 (21:05 +0000)
committer	Tom Yu <tlyu@mit.edu>
	Tue, 5 Oct 2010 21:05:19 +0000 (21:05 +0000)
commit	26ff86b99636dfd136d93b5cc7e50623be4d70fa
tree	3f96af729a586f510876d3c99d5f803f6796c0a6	tree \| snapshot
parent	ce1144885de0265299e77c9b411381df04b91726	commit \| diff

CVE-2010-1322 KDC uninitialized pointer crash in authorization data handling (MITKRB5-SA-2010-006)

When the KDC receives certain TGS-REQ messages, it may dereference an
uninitialized pointer while processing authorization data, causing a
crash, or in rare cases, unauthorized information disclosure, ticket
modification, or execution of arbitrary code. The crash may be
triggered by legitimate requests.

Correctly implement the filtering of authorization data items to avoid
leaving uninitialized pointers when omitting items.

ticket: 6797
tags: pullup
target_version: 1.8.4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24429 dc483132-0cff-0310-8789-dd5450dbe970

MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.

RSS Atom