author | Alexandru Moise <alexandru.moise@windriver.com> | 2016-08-26 12:22:57 +0300 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2016-09-05 13:30:50 +0200 |
commit | 19dc7117fd0e95d1477eb5797fbe2a3cca8f7760 (patch) | |
tree | 8cdbb5e0937e2bc010b64ab680fdbfb4ee45fda6 /meta-oe/recipes-gnome | |
parent | 0887841f141359acda72a5e8584bfe953bb24cdc (diff) | |
download | meta-openembedded-contrib-19dc7117fd0e95d1477eb5797fbe2a3cca8f7760.tar.gz |

krb5: Fix S4U2Self KDC crash when anon is restricted

This is CVE-2016-3120

The validate_as_request function in kdc_util.c in the Key Distribution
Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before
1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect
client data structure, which allows remote authenticated users to cause
a denial of service (NULL pointer dereference and daemon crash) via an
S4U2Self request.

Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

Diffstat (limited to 'meta-oe/recipes-gnome')
0 files changed, 0 insertions, 0 deletions