leading "/" crashed KDC
Benjamin Kaduk
kaduk at MIT.EDU
Tue Aug 6 01:07:25 EDT 2013
On Mon, 5 Aug 2013, Jim Shi wrote:
> Any idea what is wellknown:org.h5l.hostbased-service?
>
> We have seen requests of a service ticket of service principal of
> "/wellknown:org.h5l.hostbased-service@MY_REALM" which crashed our KDC.
The crash is CVE-2013-1416, the fix for 1.10 is at
https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81
The "wellknown" names are related to anonymous request processing, though
I don't remember offhand which form exactly that is.
-Ben Kaduk
More information about the Kerberos mailing list