[krbdev.mit.edu #7225] SVN Commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Wed Aug 1 15:58:58 EDT 2012
Fix KDC heap corruption vuln [CVE-2012-1015]
Fix KDC heap corruption vulnerability [MITKRB5-SA-2012-001
CVE-2012-1015]. The cleanup code in
kdc_handle_protected_negotiation() in kdc_util.c could free an
uninitialized pointer in some error conditions involving "similar"
enctypes and a failure in krb5_c_make_checksum().
Additionally, adjust the handling of "similar" enctypes to avoid
advertising enctypes that could lead to inadvertent triggering of this
vulnerability (possibly in unpatched KDCs).
Note that CVE-2012-1014 (also described in MITKRB5-SA-2012-001) only
applies to the krb5-1.10 branch and doesn't affect the master branch
or releases prior to krb5-1.10.
(cherry picked from commit 3551501359c6d2396fa4779d378ae165f5b37242)
https://github.com/krb5/krb5/commit/eea40a7476f3fe8e1047349eaaf7c0e9426196d2
Author: Tom Yu <tlyu at mit.edu>
Commit: eea40a7476f3fe8e1047349eaaf7c0e9426196d2
Branch: krb5-1.9
src/kdc/kdc_preauth.c | 3 ++-
src/kdc/kdc_util.c | 1 +
src/lib/kdb/kdb_default.c | 3 +++
3 files changed, 6 insertions(+), 1 deletions(-)
More information about the krb5-bugs
mailing list