krb5 vulnerabilities (CAN-2004-0644, CAN-2004-0772)

Bug #7903 reported by Matt Zimmerman
Affects: Ubuntu
Status: Fix Released
Importance: Medium
Assigned to: Matt Zimmerman
Milestone: none listed

Bug Description

  * ASN.1 decoder in MIT Kerberos 5 releases krb5-1.3.4 and
    earlier allows unauthenticated remote attackers to induce
    infinite loop, causing denial of service, including in KDC
    code (CAN-2004-0644, CERT VU#550464)
  * Fix double free in krb524d handling of encrypted ticket contents
    (CAN-2004-0772)

Matt Zimmerman (mdz) wrote:

sync complete
