MITKRB5-SA-2003-001: Multiple vulnerabilities in old releases of MIT Kerberos
djoltes at austin.ibm.com
Tue Feb 11 12:12:59 EST 2003
By any chance does someone have code diffs for items 2 through 4
available? I could really use this information, as simply folding
the latest release into our DCE simply isn't an option.
Staff Software Engineer, IBM DCE L3 Maintenance
djoltes at austin.ibm.com or djoltes at us.ibm.com
At 03:58 PM 03-02-03 -0600, Bill Dodd wrote:
>Does anyone remember these 4 problems and their fixes well enough to
>summarize where and/or what the fixes are? We have our Kerberos product
>merged up to the 1.2.5 code, so I'm not worried about that. But I'm
>trying to help one of our DCE folks figure out what areas of code to
>look at to see if any of these fixes apply to the KDC code in the DCE
>Problem 1: KDC null pointer dereferences
> I don't recall where the fixes were for this.
>Problem 2: realm transit checks
> I DO know where these fixes are.
>Problem 3: format strings
> I vaguely remember this. Seems like there were some klog() or
> krb5_klog_syslog() calls that printed a principal string directly
> without using a "%s" format string. But poking around in some
> older trees I was unable to find the offending calls. Anyone
> remember more specifically where these calls were or which release
> they were fixed in?
>Problem 4: bounds checking on data sizes
> I recall a fix to asn1_get_length(). Were there others?
More information about the krbdev