Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
PKINIT (draft9) null ptr deref [CVE-2012-1016]
Don't check for an agility KDF identifier in the non-draft9 reply structure when we're building a draft9 reply, because it'll be NULL. The KDC plugin for PKINIT can dereference a null pointer when handling a draft9 request, leading to a crash of the KDC process. An attacker would need to have a valid PKINIT certificate, or an unauthenticated attacker could execute the attack if anonymous PKINIT is enabled. CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C [tlyu@mit.edu: reformat comment and edit log message] (cherry picked from commit cd5ff93) ticket: 7506 version_fixed: 1.11 status: resolved
- Loading branch information