MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow

Russ Allbery rra at
Wed Jun 27 17:19:05 EDT 2007

Mike Friedman <mikef at> writes:

> You said your patch is for 1.4.4.  I'm running 1.4.2 and everything
> seems to match except that in kadmin/server/misc.c, your patch inserts
> code at line 171 (the end) and my version of misc.c has only 151 lines! 
> Is it really the case that about 20 lines got added to this module
> between 1.4.2 and 1.4.4?

I haven't personally checked, but it wouldn't surprise me.

Russ Allbery (rra at             <>

More information about the krbdev mailing list