[krbdev.mit.edu #6443] SVN Commit

Tom Yu via RT rt-comment at krbdev.mit.edu
Tue Apr 7 17:22:18 EDT 2009


SPNEGO can read beyond the end of a buffer if the claimed DER length
exceeds the number of bytes in the input buffer. This can lead to
a crash or information disclosure.

Thanks to Apple for reporting this vulnerability and providing
patches.

http://src.mit.edu/fisheye/changelog/krb5/?cs=22174
Commit By: tlyu
Revision: 22174
Changed Files:
U   trunk/src/lib/gssapi/spnego/spnego_mech.c
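
The bug class described in the commit message, shown as an added example (not the code from spnego_mech.c or from the patch): a DER header reader that rejects a claimed length larger than the bytes actually present. The function name der_read_header and the sample buffers are hypothetical and constructed for illustration; minimal-length encoding rules are not enforced here.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper: parse a DER tag + length header from buf[0..avail)
 * and confirm the claimed content length fits in the remaining input.
 * Returns 0 and sets *content / *content_len on success, -1 otherwise. */
int der_read_header(const uint8_t *buf, size_t avail, uint8_t expected_tag,
                    const uint8_t **content, size_t *content_len)
{
    size_t pos = 0, len = 0;

    if (avail < 2 || buf[pos++] != expected_tag)
        return -1;

    uint8_t first = buf[pos++];
    if (first < 0x80) {
        len = first;                     /* short form: length in one octet */
    } else {
        size_t n = first & 0x7f;         /* long form: n length octets follow */
        if (n == 0 || n > sizeof(size_t) || n > avail - pos)
            return -1;                   /* indefinite, too wide, or truncated */
        while (n--)
            len = (len << 8) | buf[pos++];
    }

    /* Claimed length must not exceed the bytes left in the input buffer. */
    if (len > avail - pos)
        return -1;

    *content = buf + pos;
    *content_len = len;
    return 0;
}

/* Constructed sample: OCTET STRING (tag 0x04) with 2 content bytes. */
static const uint8_t sample_ok[] = { 0x04, 0x02, 0xaa, 0xbb };
/* Constructed sample: same tag claiming 0x7f bytes while only 2 follow. */
static const uint8_t sample_bad[] = { 0x04, 0x7f, 0xaa, 0xbb };

int main(void)
{
    const uint8_t *c;
    size_t l;
    int ok = der_read_header(sample_ok, sizeof sample_ok, 0x04, &c, &l);
    int bad = der_read_header(sample_bad, sizeof sample_bad, 0x04, &c, &l);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```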
