git.ipfire.org Git - thirdparty/krb5.git/commit
Check for null kadm5 policy name [CVE-2015-8630]
author Greg Hudson <ghudson@mit.edu>
Fri, 8 Jan 2016 17:52:28 +0000 (12:52 -0500)
committer Greg Hudson <ghudson@mit.edu>
Wed, 27 Jan 2016 20:43:27 +0000 (15:43 -0500)
commit b863de7fbf080b15e347a736fdda0a82d42f4f6b
tree 74ff2b2a69c482c66caf1ea52d5105544e26df9c
parent df17a1224a3406f57477bcd372c61e04c0e5a5bb
Check for null kadm5 policy name [CVE-2015-8630]

In kadm5_create_principal_3() and kadm5_modify_principal(), check for
entry->policy being null when KADM5_POLICY is included in the mask.

CVE-2015-8630:

In MIT krb5 1.12 and later, an authenticated attacker with permission
to modify a principal entry can cause kadmind to dereference a null
pointer by supplying a null policy value but including KADM5_POLICY in
the mask.

    CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C

ticket: 8342 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
src/lib/kadm5/srv/svr_principal.c
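
The kind of check the commit message describes, generalized here to every pointer field a mask bit can promise. This is an added example, not krb5 code: all `demo_`/`DEMO_` names, the mask values and the second `comment` field are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-ins for this example; not the kadm5 definitions. */
#define DEMO_MASK_POLICY   0x01u  /* caller claims entry->policy is set */
#define DEMO_MASK_COMMENT  0x02u  /* hypothetical second pointer field */

enum demo_status { DEMO_OK = 0, DEMO_BAD_MASK = 1 };

struct demo_entry {
    const char *policy;
    const char *comment;
};

/* Each mask bit that promises a pointer field, with that field's offset. */
static const struct { unsigned bit; size_t off; } ptr_fields[] = {
    { DEMO_MASK_POLICY,  offsetof(struct demo_entry, policy)  },
    { DEMO_MASK_COMMENT, offsetof(struct demo_entry, comment) },
};

/* Reject a request whose mask names a pointer field that is NULL. */
enum demo_status demo_check_mask(const struct demo_entry *e, unsigned mask)
{
    size_t i;

    if (e == NULL)
        return DEMO_BAD_MASK;
    for (i = 0; i < sizeof(ptr_fields) / sizeof(ptr_fields[0]); i++) {
        const char *const *field =
            (const char *const *)((const char *)e + ptr_fields[i].off);
        if ((mask & ptr_fields[i].bit) && *field == NULL)
            return DEMO_BAD_MASK;
    }
    return DEMO_OK;
}

/* Handler that validates before use, so strlen() never receives NULL. */
enum demo_status demo_modify(const struct demo_entry *e, unsigned mask,
                             size_t *policy_len)
{
    enum demo_status st = demo_check_mask(e, mask);

    if (st != DEMO_OK)
        return st;  /* *policy_len is left untouched on rejection */
    *policy_len = (mask & DEMO_MASK_POLICY) ? strlen(e->policy) : 0;
    return DEMO_OK;
}
```

Running the validation before any field is read means a mask and payload that disagree produce an error return instead of a crash in the service.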