diff options
author | Nalin Dahyabhai <nalin@redhat.com> | 2012-12-13 14:26:07 -0500 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2012-12-14 15:45:31 -0500 |
commit | cd5ff932c9d1439c961b0cf9ccff979356686aff (patch) | |
tree | f854c2bd4f9e4c9f33d6e655cdcffce5adae4407 /README | |
parent | 7a0f65b38e471a69f2f7d900758260ed1f242d5f (diff) | |
download | krb5-cd5ff932c9d1439c961b0cf9ccff979356686aff.zip krb5-cd5ff932c9d1439c961b0cf9ccff979356686aff.tar.gz krb5-cd5ff932c9d1439c961b0cf9ccff979356686aff.tar.bz2 |
PKINIT (draft9) null ptr deref [CVE-2012-1016]
Don't check for an agility KDF identifier in the non-draft9 reply
structure when we're building a draft9 reply, because it'll be NULL.
The KDC plugin for PKINIT can dereference a null pointer when handling
a draft9 request, leading to a crash of the KDC process. An attacker
would need to have a valid PKINIT certificate, or an unauthenticated
attacker could execute the attack if anonymous PKINIT is enabled.
CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C
[tlyu@mit.edu: reformat comment and edit log message]
ticket: 7506 (new)
target_version: 1.11
tags: pullup
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions