]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2515f9a) | patch
Verify decoded kadmin C strings [CVE-2015-8629]
authorGreg Hudson <ghudson@mit.edu>
Fri, 8 Jan 2016 17:45:25 +0000 (12:45 -0500)
committerTom Yu <tlyu@mit.edu>
Mon, 8 Feb 2016 21:53:20 +0000 (16:53 -0500)
commit54a9a01c6a923d604cd06f321b8381ebc5cb42d8
tree6613e5191fa231c767d39a2c24e6f082bfe99627tree | snapshot
parent2515f9ae54e28cbfa4ad42b94ced6b4bd43b054ccommit | diff
Verify decoded kadmin C strings [CVE-2015-8629]

In xdr_nullstring(), check that the decoded string is terminated with
a zero byte and does not contain any internal zero bytes.

CVE-2015-8629:

In all versions of MIT krb5, an authenticated attacker can cause
kadmind to read beyond the end of allocated memory by sending a string
without a terminating zero byte.  Information leakage may be possible
for an attacker with permission to modify the database.

    CVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C

(cherry picked from commit df17a1224a3406f57477bcd372c61e04c0e5a5bb)

ticket: 8341
version_fixed: 1.14.1
src/lib/kadm5/kadm_rpc_xdr.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git