pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security/mit-krb5

Module Name:    pkgsrc
Committed By:   tez
Date:           Mon May 13 22:42:34 UTC 2013

Modified Files:
        pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
        pkgsrc/security/mit-krb5/patches: patch-kadmin_server_schpw.c

Log Message:
The kpasswd service provided by kadmind was vulnerable to a UDP
"ping-pong" attack [CVE-2002-2443].  Don't respond to packets unless
they pass some basic validation, and don't respond to our own error

Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
attack or UDP ping-pong attacks in general, but there is discussion
leading toward narrowing the definition of CVE-1999-0103 to the echo,
chargen, or other similar built-in inetd services.

To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 pkgsrc/security/mit-krb5/Makefile
cvs rdiff -u -r1.42 -r1.43 pkgsrc/security/mit-krb5/distinfo
cvs rdiff -u -r0 -r1.1 \

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index