rpms / krb5

Clone
Source Code
GIT

Blame SOURCES/krb5-1.10-CVE-2013-1418.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   0b6d963f14077bd0b3b79565b9a7b6ca7dc90575
  2.   SOURCES
  3.   krb5-1.10-CVE-2013-1418.patch
Blob History Raw
5af5b2 
Minor changes to apply to 1.10.3.
5af5b2
5af5b2 
commit c2ccf4197f697c4ff143b8a786acdd875e70a89d
5af5b2 
Author: Tom Yu <tlyu@mit.edu>
5af5b2 
Date:   Mon Nov 4 15:49:03 2013 -0500
5af5b2
5af5b2 
    Multi-realm KDC null deref [CVE-2013-1418]
5af5b2
5af5b2 
    If a KDC serves multiple realms, certain requests can cause
5af5b2 
    setup_server_realm() to dereference a null pointer, crashing the KDC.
5af5b2
5af5b2 
    CVSSv2: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C
5af5b2
5af5b2 
    A related but more minor vulnerability requires authentication to
5af5b2 
    exploit, and is only present if a third-party KDC database module can
5af5b2 
    dereference a null pointer under certain conditions.
5af5b2
5af5b2 
    (back ported from commit 5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf)
5af5b2
5af5b2 
    ticket: 7757 (new)
5af5b2 
    version_fixed: 1.10.7
5af5b2 
    status: resolved
5af5b2
5af5b2 
diff --git a/src/kdc/main.c b/src/kdc/main.c
5af5b2 
index b56ec19..7160607 100644
5af5b2 
--- a/src/kdc/main.c
5af5b2 
+++ b/src/kdc/main.c
5af5b2 
@@ -140,6 +140,9 @@ setup_server_realm(krb5_principal sprinc)
5af5b2 
     int kdc_numrealms = handle->kdc_numrealms;
5af5b2
5af5b2 
     kret = 0;
5af5b2 
+    if (sprinc == NULL)
5af5b2 
+        return NULL;
5af5b2 
+
5af5b2 
     if (kdc_numrealms > 1) {
5af5b2 
         if (!(newrealm = find_realm_data(handle, sprinc->realm.data,
5af5b2 
                                          (krb5_ui_4) sprinc->realm.length)))

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation