rocket-tools/riscv-gnu-toolchain/qemu/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/krb5.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Richard Basch <basch@alum.mit.edu>	2012-05-29 14:07:03 -0400
committer	Greg Hudson <ghudson@mit.edu>	2012-05-29 14:10:27 -0400
commit	c5be6209311d4a8f10fda37d0d3f876c1b33b77b (patch)
tree	7788c82ab07f3de54c633d0f8982cf9bad6fc029 /NOTICE
parent	eebe17cce0dfaaeb403fe97c6e2048dda32226f1 (diff)
download	krb5-c5be6209311d4a8f10fda37d0d3f876c1b33b77b.zip krb5-c5be6209311d4a8f10fda37d0d3f876c1b33b77b.tar.gz krb5-c5be6209311d4a8f10fda37d0d3f876c1b33b77b.tar.bz2

Null pointer deref in kadmind [CVE-2012-1013]

The fix for #6626 could cause kadmind to dereference a null pointer if a create-principal request contains no password but does contain the KRB5_KDB_DISALLOW_ALL_TIX flag (e.g. "addprinc -randkey -allow_tix name"). Only clients authorized to create principals can trigger the bug. Fix the bug by testing for a null password in check_1_6_dummy. CVSSv2 vector: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:H/RL:O/RC:C [ghudson@mit.edu: Minor style change and commit message] ticket: 7152 target_version: 1.10.2 tags: pullup

Diffstat (limited to 'NOTICE')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: