Check for null kadm5 policy name [CVE-2015-8630]

In kadm5_create_principal_3() and kadm5_modify_principal(), check for
entry->policy being null when KADM5_POLICY is included in the mask.

CVE-2015-8630:

In MIT krb5 1.12 and later, an authenticated attacker with permission
to modify a principal entry can cause kadmind to dereference a null
pointer by supplying a null policy value but including KADM5_POLICY in
the mask.

CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C

(cherry picked from commit b863de7fbf080b15e347a736fdda0a82d42f4f6b)

ticket: 8342
version_fixed: 1.13.4
tags: -pullup
status: resolved
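
The class of check this commit message describes, as an added example that is not part of the commit or of the krb5 source: a request carries a field mask plus an entry struct, and the handler must reject a mask bit whose pointer field is null before anything dereferences it. All `ex_`/`EX_` names, the struct layout, the return codes and the policy list are hypothetical stand-ins.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; these are not the krb5 headers. */
#define EX_MASK_POLICY     0x0001L  /* plays the role of KADM5_POLICY */
#define EX_MASK_ATTRIBUTES 0x0002L

enum { EX_OK = 0, EX_INVALID, EX_BAD_MASK, EX_UNKNOWN_POLICY };

struct ex_principal_ent {
    const char *policy;     /* NULL when the caller supplied no policy name */
    long        attributes;
};

/* Constructed sample data: the policies this toy server knows about. */
static const char *const ex_policies[] = { "default", "admins" };

/* Looks up a policy by name. strcmp() on a NULL name is undefined
 * behaviour (typically a crash), so callers must never pass NULL. */
static int ex_policy_exists(const char *name)
{
    for (size_t i = 0; i < sizeof(ex_policies) / sizeof(ex_policies[0]); i++)
        if (strcmp(ex_policies[i], name) == 0)
            return 1;
    return 0;
}

/* Validates a modify request. The mask is caller-controlled and says which
 * fields of *entry are meaningful; it is not proof that they were filled in.
 * Each pointer field selected by the mask is checked before first use. */
int ex_modify_principal(const struct ex_principal_ent *entry, long mask)
{
    if (entry == NULL)
        return EX_INVALID;

    /* Mask claims a policy is present but the pointer is null: reject. */
    if ((mask & EX_MASK_POLICY) && entry->policy == NULL)
        return EX_BAD_MASK;

    /* Safe to dereference entry->policy from here on when the bit is set. */
    if ((mask & EX_MASK_POLICY) && !ex_policy_exists(entry->policy))
        return EX_UNKNOWN_POLICY;

    return EX_OK;
}
```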