krb5: fixed kdc remote denial of service (CVE-2011-1528, CVE-2011-1529) and unauthorized file access (CVE-2011-1526)
The following issues have been fixed:
- CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due to an assertion failure.
- CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due to a null pointer dereference.

Both bugs could be triggered by unauthenticated remote attackers. Additionally, CVE-2011-1526 was fixed, which allowed authenticated users to access files via krb5 ftpd that they should not have access to.
- Submitted by Adrian Schröter (adrianSuSE)
- Version 5303
Fixed bugs
- bnc#719393: VUL-0: krb5: kdc remote denial of service