File bug-849240-CVE-2013-1418-fix-multi-realm-kdc-nu... of Package krb5

Overview Repositories Revisions Requests Users Attributes Meta

File bug-849240-CVE-2013-1418-fix-multi-realm-kdc-null-deref.dif of Package krb5

From: Tom Yu <tlyu@mit.edu>
Date: Mon, 4 Nov 2013 15:49:03 -0500
Subject: [PATCH] Multi-realm KDC null deref [CVE-2013-1418]

If a KDC serves multiple realms, certain requests can cause
setup_server_realm() to dereference a null pointer, crashing the KDC.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C

A related but more minor vulnerability requires authentication to
exploit, and is only present if a third-party KDC database module can
dereference a null pointer under certain conditions.

(back ported from commit 5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf)

ticket: 7757 (new)
version_fixed: 1.10.7
status: resolved
---
 src/kdc/main.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/kdc/main.c b/src/kdc/main.c
index b56ec19..7160607 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -140,6 +140,9 @@
     kdc_realm_t         *newrealm;
 
     kret = 0;
+    if (sprinc == NULL)
+        return NULL;
+
     if (kdc_numrealms > 1) {
         if (!(newrealm = find_realm_data(sprinc->realm.data,
                                          (krb5_ui_4) sprinc->realm.length)))
-- 
1.8.4

Places

File bug-849240-CVE-2013-1418-fix-multi-realm-kdc-null-deref.dif of Package krb5

Places