Florian Weimer f...@deneb.enyo.de writes:
* Tom Yu:
Some limited testing indicates that when the packet storm is confined
to a single host, legitimate kpasswd and kadm5 requests can still get
through, and the CPU usage pegs at about 70%. I haven't tested with
multiple hosts involved.
Out
Sam Hartman hartm...@debian.org writes:
My recommendation is that this is not worth a DSA or stable fix for
squeeze unless some Debian user comes forward and says that they're
seeing crashes in the wild related to this.
--Sam
Keep in mind that unmodified client software can trivially
Sam Hartman hartm...@debian.org writes:
Hi. At today's release meeting, MIT indicated that they are going to
set up an OS X test environment to reproduce this problem. They will
also look into whether we can ignore the PAC and remove it from the
authdata if it fails to verify rather than
Sam Hartman hartm...@debian.org writes:
This patch looks reasonable. I have not confirmed that it successfully
makes the PAC disappear, but if you've examined the logic there I'm
happy to assume it does.
On the other hand, we do appear to expose the krb5_pac_verify()
interface that is called by
forwarded 604925 http://krbdev.mit.edu/rt/Ticket/Display.html?id=6839&user=guest&pass=guest
tags 604925 + confirmed upstream fixed-upstream
thanks
I committed a slightly different fix that avoids breaking the
krb5_pac_verify() API.
http://src.mit.edu/fisheye/changelog/krb5/?cs=24564
retitle 577490 CVE-2010-1320 double free in KDC caused by ticket renewal
forwarded 577490 http://krbdev.mit.edu/rt/Ticket/Display.html?id=6702
tags 577490 + fixed-upstream
thanks
Upstream bug #6702 CVE-2010-1230 KDC double free caused by ticket
renewal (MITKRB5-SA-2010-004)
tags 577490 security
thanks
upstream advisory is pending
CVE-2010-1320
CVSSv2 vector AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org