pkg/30740: Kerberos buffer overflow, heap corruption in KDC

To: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/30740: Kerberos buffer overflow, heap corruption in KDC
From: zafer%gmx.org@localhost
Date: Wed, 13 Jul 2005 13:08:00 +0000 (UTC)

>Number:         30740
>Category:       pkg
>Synopsis:       Kerberos buffer overflow, heap corruption in KDC
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jul 13 13:08:00 +0000 2005
>Originator:     Zafer Aydogan
>Release:        2.0 i386
>Organization:
>Environment:
2.0 i386
>Description:
The MIT krb5 Key Distribution Center (KDC) implementation can corrupt
the heap by attempting to free memory at a random address when it
receives a certain unlikely (but valid) request via a TCP connection.
This attempt to free unallocated memory can result in a KDC crash and
consequent denial of service.  [CAN-2005-1174, VU#259798]

Please read:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt
and
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt

>How-To-Repeat:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt

>Fix:
Patch1 for KDC:
http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt

Patch2 for recvauth.c
http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt

Prev by Date: pkg/30739: x11/wxGTK doesn't install headers and libs for wxPlot* classes
Next by Date: pkg/30741: [PATCH] bsd.pkg.defaults.mk -> defaults/mk.conf
Previous by Thread: pkg/30739: x11/wxGTK doesn't install headers and libs for wxPlot* classes
Next by Thread: pkg/30741: [PATCH] bsd.pkg.defaults.mk -> defaults/mk.conf
Indexes:

Home | Main Index | Thread Index | Old Index