MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow
rra at stanford.edu
Wed Jun 27 17:19:05 EDT 2007
Mike Friedman <mikef at ack.berkeley.edu> writes:
> You said your patch is for 1.4.4. I'm running 1.4.2 and everything
> seems to match except that in kadmin/server/misc.c, your patch inserts
> code at line 171 (the end) and my version of misc.c has only 151 lines!
> Is it really the case that about 20 lines got added to this module
> between 1.4.2 and 1.4.4?
I haven't personally checked, but it wouldn't surprise me.
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev