Please sign in to comment.
PKINIT null pointer deref [CVE-2013-1415]
Don't dereference a null pointer when cleaning up. The KDC plugin for PKINIT can dereference a null pointer when a malformed packet causes processing to terminate early, leading to a crash of the KDC process. An attacker would need to have a valid PKINIT certificate or have observed a successful PKINIT authentication, or an unauthenticated attacker could execute the attack if anonymous PKINIT is enabled. CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C This is a minimal commit for pullup; style fixes in a followup. [firstname.lastname@example.org: reformat and edit commit message] (cherry picked from commit c773d3c) ticket: 7570 version_fixed: 1.11.1 status: resolved
- Loading branch information...
Showing with 1 addition and 2 deletions.