projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7558fb3) | patch
Access controls for string RPCs [CVE-2012-1012]
authorGreg Hudson <ghudson@mit.edu>
Tue, 21 Feb 2012 19:14:47 +0000 (19:14 +0000)
committerGreg Hudson <ghudson@mit.edu>
Tue, 21 Feb 2012 19:14:47 +0000 (19:14 +0000)
commite31c182a5ddbdf21490d18fe308a50d82a7d7453
tree2af234759c88b9c0d255b08efe2682d5c34faa02tree | snapshot
parent7558fb3af9f9fdfb8195333c11a70ab7b354f82ccommit | diff
Access controls for string RPCs [CVE-2012-1012]

In the kadmin protocol, make the access controls for
get_strings/set_string mirror those of get_principal/modify_principal.
Previously, anyone with global list privileges could get or modify
string attributes on any principal.  The impact of this depends on how
generous the kadmind acl is with list permission and whether string
attributes are used in a deployment (nothing in the core code uses
them yet).

CVSSv2 vector: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:H/RL:O/RC:C

ticket: 7093
target_version: 1.10.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25704 dc483132-0cff-0310-8789-dd5450dbe970
src/kadmin/server/server_stubs.c diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.