git.ipfire.org Git - thirdparty/krb5.git/commit

]> git.ipfire.org Git - thirdparty/krb5.git/commit

projects / thirdparty / krb5.git / commit

author	Tom Yu <tlyu@mit.edu>
	Mon, 4 Nov 2013 18:44:29 +0000 (13:44 -0500)
committer	Tom Yu <tlyu@mit.edu>
	Mon, 4 Nov 2013 19:37:05 +0000 (14:37 -0500)
commit	5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf
tree	df5e1dc03fe0c6cf04f64a646ab2e9de9b9db35b	tree
parent	bcc91c8d8b3d5b775cfde1ee461d7e0394070852	commit \| diff

Multi-realm KDC null deref [CVE-2013-1418]

If a KDC serves multiple realms, certain requests can cause
setup_server_realm() to dereference a null pointer, crashing the KDC.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C

A related but more minor vulnerability requires authentication to
exploit, and is only present if a third-party KDC database module can
dereference a null pointer under certain conditions.

ticket: 7755 (new)
target_version: 1.12
tags: pullup

src/kdc/main.c

diff | blob | blame | history

Mirror of https://github.com/krb5/krb5.git

RSS Atom