MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]

Mike Friedman mikef at ack.berkeley.edu
Tue Apr 3 16:01:29 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 3 Apr 2007 at 14:10 (-0400), Tom Yu wrote:

> AFFECTED SOFTWARE
> =================
>
> * MIT krb5 releases through krb5-1.6
...
>  The patch is available at
>
>  http://web.mit.edu/kerberos/advisories/2007-002-patch.txt

Tom,

Is the above patch supposed to apply to 1.4.2?  I find several large 
discrepancies in the line numbers.  For example, in 
src/kadmin/server/misc.c, the 1.4.2 version has only 151 lines, yet the 
patch refers to line 171.  There are also significant differences in, for 
example, src/kadmin/server/ovsec_kadmd.c.  Plus minor line differences in 
other modules for this patch.

Is there a different version of this patch for 1.4.2?

Thanks.

Mike

_________________________________________________________________________
Mike Friedman                        Information Services & Technology
mikef at ack.Berkeley.EDU               2484 Shattuck Avenue
1-510-642-1410                       University of California at Berkeley
http://socrates.berkeley.edu/~mikef  http://ist.berkeley.edu
_________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBRhKyna0bf1iNr4mCEQL2twCfUvdwqQLvlG90LbLjlOwyqqB7V9AAoMjJ
YW4CLEEpQRootDd3r5t8w2Qm
=86L5
-----END PGP SIGNATURE-----



More information about the Kerberos mailing list