krb5.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Tom Yu <tlyu@mit.edu>	2013-11-04 13:44:29 -0500
committer	Tom Yu <tlyu@mit.edu>	2013-11-04 14:37:05 -0500
commit	5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf (patch)
tree	df5e1dc03fe0c6cf04f64a646ab2e9de9b9db35b /doc/admin/conf_files
parent	bcc91c8d8b3d5b775cfde1ee461d7e0394070852 (diff)
download	krb5-5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf.tar.gz krb5-5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf.tar.xz krb5-5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf.zip

Multi-realm KDC null deref [CVE-2013-1418]

If a KDC serves multiple realms, certain requests can cause setup_server_realm() to dereference a null pointer, crashing the KDC. CVSSv2: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C A related but more minor vulnerability requires authentication to exploit, and is only present if a third-party KDC database module can dereference a null pointer under certain conditions. ticket: 7755 (new) target_version: 1.12 tags: pullup

Diffstat (limited to 'doc/admin/conf_files')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: