Is the vulnerability CVE-2017-11462 applicable to older MIT Kerberos 5 releases?

Greg Hudson ghudson at
Wed Jan 17 10:24:38 EST 2018

On 01/17/2018 06:42 AM, Sergey Emantayev wrote:
> Sorry for the delayed response. 
> How can I identify an incorrect usage of gss_init_sec_context
> / gss_accept_sec_context?

Both of these calls accept a pointer to a context handle (gss_ctx_id_t).
 Both calls are permitted by RFC 2744 to delete an existing context
handle on error, setting the caller's handle to GSS_C_NO_CONTEXT;
alternatively, implementations may leave the context alone on error and
wait for the caller to delete it.

The danger arises if a caller copies the context handle and passes a
pointer to the copy to gss_init_sec_context() or
gss_accept_sec_context(), then passes a pointer to the original context
handle to gss_delete_sec_context().  If the caller uses the same pointer
to the context handle for all calls relating to a context, it should be
safe.  (If it does use copies, it can still be safe if it updates all
copies of the context handle after each call to init/accept_sec_context,
on success or failure.)

More information about the krbdev mailing list