[krbdev.mit.edu #6446] SVN Commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Tue Apr 7 21:22:52 EDT 2009
pull up rxxxxx from trunk
SPNEGO can read beyond the end of a buffer if the claimed DER length
exceeds the number of bytes in the input buffer. This can lead to
crash or information disclosure.
Thanks to Apple for reporting this vulnerability and providing
patches.
http://src.mit.edu/fisheye/changelog/krb5/?cs=22179
Commit By: tlyu
Revision: 22179
Changed Files:
U branches/krb5-1-6/src/lib/gssapi/spnego/spnego_mech.c
More information about the krb5-bugs
mailing list