]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c546a30) | patch
Verify decoded kadmin C strings [CVE-2015-8629]
authorGreg Hudson <ghudson@mit.edu>
Fri, 8 Jan 2016 17:45:25 +0000 (12:45 -0500)
committerGreg Hudson <ghudson@mit.edu>
Wed, 27 Jan 2016 20:43:27 +0000 (15:43 -0500)
commitdf17a1224a3406f57477bcd372c61e04c0e5a5bb
treee3d35f3cdc2ae8fddc0566aa08079c0b837398c4tree
parentc546a30c7c9299a419f757768a3349bde09c9cd4commit | diff
Verify decoded kadmin C strings [CVE-2015-8629]

In xdr_nullstring(), check that the decoded string is terminated with
a zero byte and does not contain any internal zero bytes.

CVE-2015-8629:

In all versions of MIT krb5, an authenticated attacker can cause
kadmind to read beyond the end of allocated memory by sending a string
without a terminating zero byte.  Information leakage may be possible
for an attacker with permission to modify the database.

    CVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C

ticket: 8341 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
src/lib/kadm5/kadm_rpc_xdr.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git