leading "/" crashed KDC

Benjamin Kaduk kaduk at MIT.EDU
Tue Aug 6 01:07:25 EDT 2013


On Mon, 5 Aug 2013, Jim Shi wrote:

> Any idea what is wellknown:org.h5l.hostbased-service?
>
> We have seen requests of a service ticket of service principal of 
> "/wellknown:org.h5l.hostbased-service at MY_REALM" which crashed our KDC.

The crash is CVE-2013-1416; the fix for 1.10 is at 
https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81

The "wellknown" names are related to anonymous request processing, though 
I don't remember offhand which form exactly that is.

-Ben Kaduk

