MITKRB5-SA-2003-05: Buffer overrun and underrun in principal name handling

Ken Raeburn raeburn at MIT.EDU
Thu Mar 20 16:47:22 EST 2003


This advisory has been updated on our web site.

The patch is now contained in a separate text file, with a separate
PGP signature available.

The advisory text now notes that it includes information also
published in the following vulnerability notes:

   CVE CAN-2003-0082

      Buffer underrun

   CVE CAN-2003-0072

      Array overrun -- only the portions that appeared to affect a server
      with no strange realm configurations were included here.

This announcement and related security advisories may be found on the
MIT Kerberos security advisory page at:

	http://web.mit.edu/kerberos/www/advisories/index.html

The main MIT Kerberos web page is at:

	http://web.mit.edu/kerberos/www/index.html

Ken
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 231 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos-announce/attachments/20030320/8d9dc660/attachment.bin


More information about the kerberos-announce mailing list