pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/30740: Kerberos buffer overflow, heap corruption in KDC



>Number:         30740
>Category:       pkg
>Synopsis:       Kerberos buffer overflow, heap corruption in KDC
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jul 13 13:08:00 +0000 2005
>Originator:     Zafer Aydogan
>Release:        2.0 i386
>Organization:
>Environment:
2.0 i386
>Description:
The MIT krb5 Key Distribution Center (KDC) implementation can corrupt
the heap by attempting to free memory at a random address when it
receives a certain unlikely (but valid) request via a TCP connection.
This attempt to free unallocated memory can result in a KDC crash and
consequent denial of service.  [CAN-2005-1174, VU#259798]

Please read:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt
and
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt

>How-To-Repeat:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt

>Fix:
Patch1 for KDC:
http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt

Patch2 for recvauth.c
http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt




Home | Main Index | Thread Index | Old Index