[krbdev.mit.edu #8343] git commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Mon Feb 8 18:38:10 EST 2016
Fix leaks in kadmin server stubs [CVE-2015-8631]
In each kadmind server stub, initialize the client_name and
server_name variables, and release them in the cleanup handler. Many
of the stubs will otherwise leak the client and server name if
krb5_unparse_name() fails. Also make sure to free the prime_arg
variables in rename_principal_2_svc(), or we can leak the first one if
unparsing the second one fails. Discovered by Simo Sorce.
CVE-2015-8631:
In all versions of MIT krb5, an authenticated attacker can cause
kadmind to leak memory by supplying a null principal name in a request
which uses one. Repeating these requests will eventually cause
kadmind to exhaust all available memory.
CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
(cherry picked from commit 83ed75feba32e46f736fcce0d96a0445f29b96c2)
https://github.com/krb5/krb5/commit/3421a1471d635256432f37325310e49a6d039413
Author: Greg Hudson <ghudson at mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: 3421a1471d635256432f37325310e49a6d039413
Branch: krb5-1.13
src/kadmin/server/server_stubs.c | 151 +++++++++++++++++++-------------------
1 files changed, 77 insertions(+), 74 deletions(-)
More information about the krb5-bugs
mailing list