[krbdev.mit.edu #7226] SVN Commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Wed Aug 1 14:07:00 EDT 2012
Fix KDC uninit ptrs [CVE-2012-1014 CVE-2012-1015]
Fix KDC heap corruption and crash vulnerabilities [MITKRB5-SA-2012-001
CVE-2012-1014 CVE-2012-1015].
CVE-2012-1015: The cleanup code in kdc_handle_protected_negotiation()
in kdc_util.c could free an uninitialized pointer in some error
conditions involving "similar" enctypes and a failure in
krb5_c_make_checksum(). Initialize the pointer correctly.
Additionally, adjust the handling of "similar" enctypes to avoid
advertising enctypes that could lead to inadvertent triggering of
CVE-2012-1015 (possibly in unpatched KDCs).
CVE-2012-1014: process_as_req() could encounter an error condition
(typically a malformed AS-REQ message) that could cause its cleanup
code to dereference an uninitialized pointer, causing a crash.
Initialize the pointer correctly.
https://github.com/krb5/krb5/commit/dee054247300c1ae955dfadf237f4073817d98d6
Author: Tom Yu <tlyu at mit.edu>
Commit: dee054247300c1ae955dfadf237f4073817d98d6
Branch: krb5-1.10
src/kdc/do_as_req.c | 3 ++-
src/kdc/kdc_preauth.c | 3 ++-
src/kdc/kdc_util.c | 1 +
src/lib/kdb/kdb_default.c | 3 +++
4 files changed, 8 insertions(+), 2 deletions(-)
More information about the krb5-bugs
mailing list