krb5 vulnerabilities (CAN-2004-0644, CAN-2004-0772)
Bug #7903 reported by
Matt Zimmerman
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu |
Fix Released
|
Medium
|
Matt Zimmerman |
Bug Description
* ASN.1 decoder in MIT Kerberos 5 releases krb5-1.3.4 and
earlier allows unauthenticated remote attackers to induce
infinite loop, causing denial of service, including in KDC
code (CAN-2004-0644 , CERT VU#550464)
* Fix double free in krb524d handling of encrypted ticket contents
(CAN-2004-0772)
To post a comment you must log in.
sync complete