projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4264dd0) | patch
fix MITKRB5-SA-2007-004 [CVE-2007-2442/VU#356961, CVE-2007-2443/VU#365313]
authorTom Yu <tlyu@mit.edu>
Tue, 26 Jun 2007 18:08:20 +0000 (18:08 +0000)
committerTom Yu <tlyu@mit.edu>
Tue, 26 Jun 2007 18:08:20 +0000 (18:08 +0000)
commit581bc90958d2fbda2bb3547e9b854f5c004a430a
tree86c185270b4e5898a99d1f55119cc1e7759244cetree | snapshot
parent4264dd0b101f15826f987c65a87ee5aebfdbc3decommit | diff
fix MITKRB5-SA-2007-004 [CVE-2007-2442/VU#356961, CVE-2007-2443/VU#365313]

CVE-2007-2442/VU#356961: The RPC library can free an uninitialized
pointer.  This may lead to execution of arbitrary code.

CVE-2007-2443/VU#365313: The RPC library can write past the end of a
stack buffer.  This may (but is unlikely to) lead to execution of
arbitrary code.

ticket: new
target_version: 1.6.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19636 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/rpc/svc_auth_gssapi.c diff | blob | history
src/lib/rpc/svc_auth_unix.c diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.