CVE-2012-1015
Published: 31 July 2012
The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.
Notes
Author | Note |
---|---|
sbeattie | krb5 1.8 and newer code execution potential probably blocked by glibc double-free detection |
Priority
Status
Package | Release | Status |
---|---|---|
krb5 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
hardy |
Not vulnerable
(1.6.dfsg.3~beta1-2ubuntu1.8)
|
|
lucid |
Released
(1.8.1+dfsg-2ubuntu0.11)
|
|
natty |
Released
(1.8.3+dfsg-5ubuntu2.3)
|
|
oneiric |
Released
(1.9.1+dfsg-1ubuntu2.3)
|
|
precise |
Released
(1.10+dfsg~beta1-2ubuntu0.3)
|
|
Patches: upstream: http://web.mit.edu/kerberos/advisories/2012-001-patch.txt |