Bugzilla – Bug 730393
VUL-0: CVE-2011-1530: krb5: KDC null pointer dereference in TGS handling
Last modified: 2017-07-03 07:34:46 UTC
Your friendly security team received the following report via email@example.com.
Please respond ASAP.
This issue is not public yet, please keep any information about it inside SUSE.
Note that build.opensuse.org *cannot* be used to prepare embargoed updates.
It was found that krb5's KDC since version 1.9 could be made to crash on a NULL pointer deref. Remote authenticated users could exploit that to crash KDC.
We have krb5 1.9 only on 12.1 and FACTORY.
bugbot adjusting priority
See Bug 731648 for the
fix KDC HA feature introduced with implementing KDC poll
This bug is public now. I have performed a submit request to openSUSE 12.1 and Factory.
Both SRs also include the fix for Bug 731648.
Re-assign to security team for tracking.
This is an autogenerated message for OBS integration:
This bug (730393) was mentioned in
https://build.opensuse.org/request/show/95685 12.1 / krb5
https://build.opensuse.org/request/show/95686 Factory / krb5