Multi-realm KDC null deref [CVE-2013-1418]
If a KDC serves multiple realms, certain requests can cause
setup_server_realm() to dereference a null pointer, crashing the KDC.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C

A related but more minor vulnerability requires authentication to
exploit, and is only present if a third-party KDC database module can
dereference a null pointer under certain conditions.

(back ported from commit 5d2d9a1)

ticket: 7757 (new)
version_fixed: 1.10.7
status: resolved
tlyu committed Nov 4, 2013
1 parent 054d3ae commit c2ccf41
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/kdc/main.c
Expand Up @@ -140,6 +140,9 @@ setup_server_realm(krb5_principal sprinc)
kdc_realm_t *newrealm;

kret = 0;
if (sprinc == NULL)
return NULL;

if (kdc_numrealms > 1) {
if (!(newrealm = find_realm_data(sprinc->realm.data,
(krb5_ui_4) sprinc->realm.length)))
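
Review bot: The new `sprinc == NULL` early return sits above the `kdc_numrealms > 1` test, so it also changes behaviour on the single-realm path, even though the only dereference visible here (`sprinc->realm.data`) is inside the multi-realm branch. The callers of setup_server_realm() are not part of this diff, so please confirm that each one treats a NULL return as a failure for that request and does not go on to use the realm pointer. A one-line comment above the check saying which requests can arrive without a server principal would also help, since the commit message only says "certain requests".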