[prev in list] [next in list] [prev in thread] [next in thread]
List: krb5-bugs
Subject: [krbdev.mit.edu #7570] SVN Commit
From: "Tom Yu via RT" <rt-comment () krbdev ! mit ! edu>
Date: 2013-02-19 20:45:37
Message-ID: rt-7570-38174.0.493020835167712 () krbdev ! mit ! edu
[Download RAW message or body]
PKINIT null pointer deref [CVE-2013-1415]
Don't dereference a null pointer when cleaning up.
The KDC plugin for PKINIT can dereference a null pointer when a
malformed packet causes processing to terminate early, leading to
a crash of the KDC process. An attacker would need to have a valid
PKINIT certificate or have observed a successful PKINIT authentication,
or an unauthenticated attacker could execute the attack if anonymous
PKINIT is enabled.
CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C
This is a minimal commit for pullup; style fixes in a followup.
[kaduk@mit.edu: reformat and edit commit message]
(cherry picked from commit c773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed)
https://github.com/krb5/krb5/commit/f249555301940c6df3a2cdda13b56b5674eebc2e
Author: Xi Wang <xi.wang@gmail.com>
Committer: Tom Yu <tlyu@mit.edu>
Commit: f249555301940c6df3a2cdda13b56b5674eebc2e
Branch: krb5-1.11
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic