Author: jmm Date: 2011-04-18 17:46:16 +0000 (Mon, 18 Apr 2011) New Revision: 16541 Modified: data/CVE/list Log: add note on krb5 Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-04-18 17:32:34 UTC (rev 16540) +++ data/CVE/list 2011-04-18 17:46:16 UTC (rev 16541) @@ -3941,7 +3941,13 @@ NOTE: CVE ID requested CVE-2011-0285 (The process_chpw_request function in schpw.c in the password-changing ...) - krb5 <unfixed> (bug #622681) - NOTE: advisory says only 1.7 and greater are affected, but it looks to me like the vulnerable code is in fact present in lenny''s 1.6 + NOTE: 1.6 is not affected: While the error case in the process_chpw_request() + NOTE: in kadmind in 1.6 can leave the data pointer uninitialized, the error + NOTE: path in its caller will not free() that pointer (the invalid pointer + NOTE: goes out of scope without being freed), unlike in krb5-1.7 and later. + NOTE: Those later releases add support for password changing over TCP, and + NOTE: the error path in the TCP handling code is what frees the + NOTE: uninitialized pointer. (Clarification by Tom Yu) CVE-2011-0284 (Double free vulnerability in the prepare_error_as function in ...) - krb5 1.8.3+dfsg-6 (low; bug #618517) [squeeze] - krb5 <no-dsa> (Will be fixed through a point update)
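Review bot: in the CVE-2011-0285 hunk, the new NOTE lines conclude that 1.6 is not affected, but the package line is still only "- krb5 <unfixed> (bug #622681)", so that conclusion exists only as free text. The removed note named lenny's 1.6, while the replacement no longer says which release ships 1.6. Consider adding a release-specific status line in the same form as the "[squeeze] - krb5 <no-dsa> (...)" line under CVE-2011-0284, for example "[lenny] - krb5 <not-affected> (error path in 1.6 does not free the uninitialized pointer)", and keeping the NOTE lines as the rationale. Minor wording point in the first added line: "in the process_chpw_request() in kadmind" reads more cleanly as "in process_chpw_request() in kadmind".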