krb5 security update
A remote attacker may be able to make kadmind free an
invalid pointer, leading to a crash of the service
(CVE-2011-0285).
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4373
Fixed bugs
bnc#687469
VUL-0: krb5 kadmind invalid pointer free
CVE#CVE-2011-0285
The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (dae
