[krbdev.mit.edu #7168] SVN Commit

Tom Yu via RT rt-comment at krbdev.mit.edu
Mon Jun 11 19:00:19 EDT 2012


Null pointer deref in kadmind [CVE-2012-1013]

The fix for #6626 could cause kadmind to dereference a null pointer if
a create-principal request contains no password but does contain the
KRB5_KDB_DISALLOW_ALL_TIX flag (e.g. "addprinc -randkey -allow_tix
name").  Only clients authorized to create principals can trigger the
bug.  Fix the bug by testing for a null password in check_1_6_dummy.

CVSSv2 vector: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:H/RL:O/RC:C

[ghudson at mit.edu: Minor style change and commit message]

(cherry picked from commit c5be6209311d4a8f10fda37d0d3f876c1b33b77b)

https://github.com/krb5/krb5/commit/f7d42a08d9a4e4559e3efa3ed199927407be658e
Author: Richard Basch <basch at alum.mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: f7d42a08d9a4e4559e3efa3ed199927407be658e
Branch: krb5-1.9
 src/lib/kadm5/srv/svr_principal.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)



More information about the krb5-bugs mailing list