[Secure-testing-commits] r16541 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Apr 18 17:46:17 UTC 2011
Author: jmm
Date: 2011-04-18 17:46:16 +0000 (Mon, 18 Apr 2011)
New Revision: 16541
Modified:
data/CVE/list
Log:
add note on krb5
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-04-18 17:32:34 UTC (rev 16540)
+++ data/CVE/list 2011-04-18 17:46:16 UTC (rev 16541)
@@ -3941,7 +3941,13 @@
NOTE: CVE ID requested
CVE-2011-0285 (The process_chpw_request function in schpw.c in the password-changing ...)
- krb5 <unfixed> (bug #622681)
- NOTE: advisory says only 1.7 and greater are affected, but it looks to me like the vulnerable code is in fact present in lenny's 1.6
+ NOTE: 1.6 is not affected: While the error case in the process_chpw_request()
+ NOTE: in kadmind in 1.6 can leave the data pointer uninitialized, the error
+ NOTE: path in its caller will not free() that pointer (the invalid pointer
+ NOTE: goes out of scope without being freed), unlike in krb5-1.7 and later.
+ NOTE: Those later releases add support for password changing over TCP, and
+ NOTE: the error path in the TCP handling code is what frees the
+ NOTE: uninitialized pointer. (Clarification by Tom Yu)
CVE-2011-0284 (Double free vulnerability in the prepare_error_as function in ...)
- krb5 1.8.3+dfsg-6 (low; bug #618517)
[squeeze] - krb5 <no-dsa> (Will be fixed through a point update)
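Review bot: The CVE-2011-0285 entry now explains in NOTE lines that 1.6 is not affected, but its only status line is still "- krb5 <unfixed> (bug #622681)", so the conclusion exists only as free text and nothing in the entry marks lenny as unaffected. Consider adding a per-release line under it, in the same style as the "[squeeze] - krb5 <no-dsa> (...)" line in the CVE-2011-0284 entry below, for example "[lenny] - krb5 <not-affected> (error path in 1.6 does not free the uninitialized pointer)". The replaced NOTE named lenny explicitly while the new text only says "1.6", so naming the release there would also keep the link between the version and the suite. Minor wording: "in the process_chpw_request()" reads better as "in process_chpw_request()".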