krb5: Fix S4U2Self KDC crash when anon is restricted - meta-openembedded-contrib - OpenEmbedded layers collection contribution trees

diff options

author	Alexandru Moise <alexandru.moise@windriver.com>	2016-08-26 12:22:57 +0300
committer	Martin Jansa <Martin.Jansa@gmail.com>	2016-09-05 13:30:50 +0200
commit	19dc7117fd0e95d1477eb5797fbe2a3cca8f7760 (patch)
tree	8cdbb5e0937e2bc010b64ab680fdbfb4ee45fda6 /meta-oe/recipes-gnome
parent	0887841f141359acda72a5e8584bfe953bb24cdc (diff)
download	meta-openembedded-contrib-19dc7117fd0e95d1477eb5797fbe2a3cca8f7760.tar.gz

krb5: Fix S4U2Self KDC crash when anon is restricted

This is CVE-2016-3120 The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request. Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

Diffstat (limited to 'meta-oe/recipes-gnome')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: