CVE-2012-1015 (retired)

Priority
Description
The kdc_handle_protected_negotiation function in the Key Distribution
Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and
1.10.x before 1.10.3 attempts to calculate a checksum before verifying that
the key type is appropriate for a checksum, which allows remote attackers
to execute arbitrary code or cause a denial of service (uninitialized
pointer free, heap memory corruption, and daemon crash) via a crafted
AS-REQ request.
Notes
 sbeattie> krb5 1.8 and newer
 sbeattie> code execution potential probably blocked by glibc
  double-free detection
Assigned-to
sbeattie
Package
Source: krb5 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (1.10.1+dfsg-2)
Patches:
Upstream:http://web.mit.edu/kerberos/advisories/2012-001-patch.txt
More Information

Updated: 2019-03-26 12:00:57 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)