Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.2:Test
krb5
bug-849240-CVE-2013-1418-fix-multi-realm-kdc-nu...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bug-849240-CVE-2013-1418-fix-multi-realm-kdc-null-deref.dif of Package krb5
From: Tom Yu <tlyu@mit.edu> Date: Mon, 4 Nov 2013 15:49:03 -0500 Subject: [PATCH] Multi-realm KDC null deref [CVE-2013-1418] If a KDC serves multiple realms, certain requests can cause setup_server_realm() to dereference a null pointer, crashing the KDC. CVSSv2: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C A related but more minor vulnerability requires authentication to exploit, and is only present if a third-party KDC database module can dereference a null pointer under certain conditions. (back ported from commit 5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf) ticket: 7757 (new) version_fixed: 1.10.7 status: resolved --- src/kdc/main.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/kdc/main.c b/src/kdc/main.c index b56ec19..7160607 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -140,6 +140,9 @@ kdc_realm_t *newrealm; kret = 0; + if (sprinc == NULL) + return NULL; + if (kdc_numrealms > 1) { if (!(newrealm = find_realm_data(sprinc->realm.data, (krb5_ui_4) sprinc->realm.length))) -- 1.8.4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor