[krbdev.mit.edu #6860] SVN Commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Wed Feb 9 15:53:23 EST 2011
pull up r24622 from trunk
------------------------------------------------------------------------
r24622 | tlyu | 2011-02-09 15:25:08 -0500 (Wed, 09 Feb 2011) | 10 lines
ticket: 6860
subject: KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
tags: pullup
target_version: 1.9.1
[CVE-2011-0281 CVE-2011-0282] Fix some LDAP back end principal name
handling that could cause the KDC to hang or crash.
[CVE-2011-0283] Fix a KDC null pointer dereference introduced in krb5-1.9.
http://src.mit.edu/fisheye/changelog/krb5/?cs=24624
Commit By: tlyu
Revision: 24624
Changed Files:
U branches/krb5-1-9/src/kdc/dispatch.c
U branches/krb5-1-9/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
U branches/krb5-1-9/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
U branches/krb5-1-9/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
U branches/krb5-1-9/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
More information about the krb5-bugs
mailing list