Bug 730393 (CVE-2011-1530)

Summary: VUL-0: CVE-2011-1530: krb5: KDC null pointer dereference in TGS handling
Product: [Novell Products] SUSE Security Incidents Reporter: Ludwig Nussel <lnussel>
Component: GeneralAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: mc, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Ludwig Nussel 2011-11-15 09:57:35 UTC
Your friendly security team received the following report via security@suse.de.
Please respond ASAP.
This issue is not public yet, please keep any information about it inside SUSE.
Note that build.opensuse.org *cannot* be used to prepare embargoed updates.

It was found that krb5's KDC since version 1.9 could be made to crash on a NULL pointer deref. Remote authenticated users could exploit that to crash KDC.
Comment 2 Michael Calmer 2011-11-15 10:07:42 UTC
We have krb5 1.9 only on 12.1 and FACTORY.
Comment 3 Swamp Workflow Management 2011-11-15 23:00:14 UTC
bugbot adjusting priority
Comment 5 Michael Calmer 2011-11-21 10:36:52 UTC
See Bug 731648 for the 

  fix KDC HA feature introduced with implementing KDC poll
Comment 6 Michael Calmer 2011-12-07 08:58:18 UTC
This bug is public now. I have performed a submit request to openSUSE 12.1 and Factory.
Both SRs also include the fix for Bug 731648.

Re-assign to security team for tracking.
Comment 7 Bernhard Wiedemann 2011-12-07 09:00:18 UTC
This is an autogenerated message for OBS integration:
This bug (730393) was mentioned in
https://build.opensuse.org/request/show/95685 12.1 / krb5
https://build.opensuse.org/request/show/95686 Factory / krb5
Comment 8 Matthias Weckbecker 2011-12-07 10:27:30 UTC
CVE-2011-1530
Comment 9 Ludwig Nussel 2011-12-08 16:39:34 UTC
released