-rw-r--r-- | security/vuxml/vuln.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index a26913a473d0..c3e647626d6c 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -47,6 +47,36 @@ Note: Please add new entries to the beginning of this file.
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="6c7d9a35-2608-11e1-89b4-001ec9578670">
+ <topic>krb5 -- KDC null pointer dereference in TGS handling</topic>
+ <affects>
+ <package>
+ <name>krb5</name>
+ <range><ge>1.9</ge><lt>1.9.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The MIT Kerberos Team reports:</p>
+ <blockquote cite="http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-007.txt">
+ <p>In releases krb5-1.9 and later, the KDC can crash due to a null
+ pointer dereference in code that handles TGS (Ticket Granting Service)
+ requests. The trigger condition is trivial to produce using
+ unmodified client software, but requires the ability to authenticate
+ as a principal in the KDC's realm.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2011-1530</cvename>
+ <url>http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-007.txt</url>
+ </references>
+ <dates>
+ <discovery>2011-12-11</discovery>
+ <entry>2011-12-14</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="a4a809d8-25c8-11e1-b531-00215c6a37bb">
 <topic>opera -- multiple vulnerabilities</topic>
 <affects> |
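Review bot: The upper bound in `<range><ge>1.9</ge><lt>1.9.2_1</lt></range>` is a port revision, and this commit touches only vuln.xml, so nothing visible here confirms that the krb5 port carrying the fix is actually numbered 1.9.2_1. Audit tooling that matches installed packages against this range will stop flagging a KDC as soon as its version compares at or above that value, so a mismatch with the patched port revision would under-report vulnerable hosts. It is worth confirming the bound against the port's PORTREVISION, and checking `<discovery>2011-12-11</discovery>` against the release date given in the cited advisory. The `<topic>` could also state the impact for readers triaging by title, e.g. `krb5 -- KDC denial of service via null pointer dereference in TGS handling`, since the quoted text says the result is a KDC crash that an authenticated principal can trigger.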