]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7a0f65b) | patch
PKINIT (draft9) null ptr deref [CVE-2012-1016]
authorNalin Dahyabhai <nalin@redhat.com>
Thu, 13 Dec 2012 19:26:07 +0000 (14:26 -0500)
committerTom Yu <tlyu@mit.edu>
Fri, 14 Dec 2012 20:45:31 +0000 (15:45 -0500)
commitcd5ff932c9d1439c961b0cf9ccff979356686aff
treef854c2bd4f9e4c9f33d6e655cdcffce5adae4407tree
parent7a0f65b38e471a69f2f7d900758260ed1f242d5fcommit | diff
PKINIT (draft9) null ptr deref [CVE-2012-1016]

Don't check for an agility KDF identifier in the non-draft9 reply
structure when we're building a draft9 reply, because it'll be NULL.

The KDC plugin for PKINIT can dereference a null pointer when handling
a draft9 request, leading to a crash of the KDC process.  An attacker
would need to have a valid PKINIT certificate, or an unauthenticated
attacker could execute the attack if anonymous PKINIT is enabled.

CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C

[tlyu@mit.edu: reformat comment and edit log message]

ticket: 7506 (new)
target_version: 1.11
tags: pullup
src/plugins/preauth/pkinit/pkinit_srv.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git