projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 373a235) | patch
MITKRB5-SA-2010-001 CVE-2010-0283 KDC denial of service
authorTom Yu <tlyu@mit.edu>
Tue, 16 Feb 2010 22:10:17 +0000 (22:10 +0000)
committerTom Yu <tlyu@mit.edu>
Tue, 16 Feb 2010 22:10:17 +0000 (22:10 +0000)
commitaef4a62723bc1e4cdcdb15c130729d3e130426fd
treef76f4f833d390ef9e955261231dd6151f23c60f7tree | snapshot
parent373a23547c7c256b6eaf71713706dd847c826f2bcommit | diff
MITKRB5-SA-2010-001 CVE-2010-0283 KDC denial of service

Code introduced in krb5-1.7 can cause an assertion failure if a
KDC-REQ is internally inconsistent, specifically if the ASN.1 tag
doesn't match the msg_type field.  Thanks to Emmanuel Bouillon (NATO
C3 Agency) for discovering and reporting this vulnerability.

ticket: 6662
tags: pullup
target_version: 1.8

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23724 dc483132-0cff-0310-8789-dd5450dbe970
src/kdc/do_as_req.c diff | blob | history
src/kdc/do_tgs_req.c diff | blob | history
src/kdc/fast_util.c diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.