Author: jmm
Date: 2011-04-18 17:46:16 +0000 (Mon, 18 Apr 2011)
New Revision: 16541

Modified:
   data/CVE/list
Log:
add note on krb5


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2011-04-18 17:32:34 UTC (rev 16540)
+++ data/CVE/list       2011-04-18 17:46:16 UTC (rev 16541)
@@ -3941,7 +3941,13 @@
        NOTE: CVE ID requested
 CVE-2011-0285 (The process_chpw_request function in schpw.c in the 
password-changing ...)
        - krb5 <unfixed> (bug #622681)
-       NOTE: advisory says only 1.7 and greater are affected, but it looks to 
me like the vulnerable code is in fact present in lenny's 1.6
+       NOTE: 1.6 is not affected: While the error case in the 
process_chpw_request()
+       NOTE: in kadmind in 1.6 can leave the data pointer uninitialized, the 
error
+       NOTE: path in its caller will not free() that pointer (the invalid 
pointer
+       NOTE: goes out of scope without being freed), unlike in krb5-1.7 and 
later.
+       NOTE: Those later releases add support for password changing over TCP, 
and
+       NOTE: the error path in the TCP handling code is what frees the
+       NOTE: uninitialized pointer. (Clarification by Tom Yu)
 CVE-2011-0284 (Double free vulnerability in the prepare_error_as function in 
...)
        - krb5 1.8.3+dfsg-6 (low; bug #618517)
        [squeeze] - krb5 <no-dsa> (Will be fixed through a point update)
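Review bot: The conclusion that 1.6 is not affected is recorded only in the free-text NOTE lines added under CVE-2011-0285, while the status line above them still reads `- krb5 <unfixed> (bug #622681)` with no release-specific entry, so nothing machine-readable marks lenny's 1.6 as unaffected. Consider adding a per-release line in the same form as the `[squeeze] - krb5 <no-dsa> (...)` entry under CVE-2011-0284, for example `[lenny] - krb5 <not-affected> (uninitialized pointer is only freed in the TCP error path added in 1.7)`, and keeping the NOTE lines as the rationale. The NOTE also states that the data pointer can still be left uninitialized in 1.6; that is worth keeping on record, since the not-affected status depends on the caller never freeing it.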


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
