Back to bug 1302617
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-01-28 09:43:07 UTC | Depends On | | 1302618 |
| Adam Mariš | 2016-01-28 10:23:58 UTC | Blocks | | 1302647 |
| Salvatore Bonaccorso | 2016-01-31 10:28:18 UTC | CC | | carnil |
| Stefan Cornelius | 2016-02-08 09:52:51 UTC | Whiteboard | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:P/I:N/A:N,cwe=CWE-119,rhel-5/krb5=new,rhel-6/krb5=new,rhel-7/krb5=new,jbews-2/krb5=new,fedora-all/krb5=affected | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:P/I:N/A:N,cwe=CWE-119,rhel-5/krb5=affected,rhel-6/krb5=affected,rhel-7/krb5=affected,jbews-2/krb5=new,fedora-all/krb5=affected |
| Cedric Buissart | 2016-02-10 13:08:03 UTC | CC | | cbuissar |
| Slawomir Czarko | 2016-02-11 09:39:27 UTC | CC | | slawomir |
| Stefan Cornelius | 2016-02-11 14:36:36 UTC | Whiteboard | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:P/I:N/A:N,cwe=CWE-119,rhel-5/krb5=affected,rhel-6/krb5=affected,rhel-7/krb5=affected,jbews-2/krb5=new,fedora-all/krb5=affected | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:P/I:N/A:N,cwe=CWE-119,rhel-5/krb5=wontfix,rhel-6/krb5=affected,rhel-7/krb5=affected,jbews-2/krb5=new,fedora-all/krb5=affected |
| Cedric Buissart | 2016-02-12 10:19:42 UTC | Depends On | | 1306969 |
| Cedric Buissart | 2016-02-12 10:19:49 UTC | Depends On | | 1306970 |
| Cedric Buissart | 2016-02-12 10:22:50 UTC | Depends On | | 1306973 |
| Cedric Buissart | 2016-02-12 10:22:58 UTC | Depends On | | 1306974 |
| Cedric Buissart | 2016-02-16 14:33:04 UTC | Doc Text | | An information disclosure flaw was discovered in the xdr_nullstring() function. An authenticated attacker with write permissions to the database could send a maliciously crafted message to the krb5 service, possibly leading to private memory information written to the database. |
| Norman Sardella | 2016-02-16 14:55:48 UTC | CC | | sardella |
| Martin Prpič | 2016-03-03 10:47:17 UTC | Doc Text | An information disclosure flaw was discovered in the xdr_nullstring() function. An authenticated attacker with write permissions to the database could send a maliciously crafted message to the krb5 service, possibly leading to private memory information written to the database. | An information disclosure flaw was discovered in the xdr_nullstring() function of MIT Kerberos. An authenticated attacker with write permissions to the database could send a maliciously crafted message to the kadmind service, possibly leading to private memory information being written to the database. |
| Tomas Hoger | 2016-03-03 21:29:10 UTC | Fixed In Version | | krb5 1.14.1, krb5 1.13.4 |
| Cedric Buissart | 2016-03-10 13:06:06 UTC | Doc Text | An information disclosure flaw was discovered in the xdr_nullstring() function of MIT Kerberos. An authenticated attacker with write permissions to the database could send a maliciously crafted message to the kadmind service, possibly leading to private memory information being written to the database. | An out of bound read vulnerability was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write it in the database if the attacker has write permission, leading to information disclosure. |
| Martin Prpič | 2016-03-14 09:29:39 UTC | Doc Text | An out of bound read vulnerability was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write it in the database if the attacker has write permission, leading to information disclosure. | An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the contents to the database if the attacker has write permission, leading to information disclosure. |
| Martin Prpič | 2016-03-14 09:36:54 UTC | Doc Text | An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the contents to the database if the attacker has write permission, leading to information disclosure. | An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. |
| Tomas Hoger | 2016-04-01 07:07:23 UTC | Status | NEW | CLOSED |
| Tomas Hoger | 2016-04-01 07:07:23 UTC | Resolution | --- | ERRATA |
| Tomas Hoger | 2016-04-01 07:07:23 UTC | Last Closed | | 2016-04-01 03:07:23 UTC |
| Jason Shepherd | 2016-04-03 23:18:06 UTC | Whiteboard | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:P/I:N/A:N,cwe=CWE-119,rhel-5/krb5=wontfix,rhel-6/krb5=affected,rhel-7/krb5=affected,jbews-2/krb5=new,fedora-all/krb5=affected | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:P/I:N/A:N,cwe=CWE-119,rhel-5/krb5=wontfix,rhel-6/krb5=affected,rhel-7/krb5=affected,jbews-2/krb5=notaffected,fedora-all/krb5=affected |
| Product Security DevOps Team | 2019-09-29 13:43:28 UTC | Whiteboard | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:P/I:N/A:N,cwe=CWE-119,rhel-5/krb5=wontfix,rhel-6/krb5=affected,rhel-7/krb5=affected,jbews-2/krb5=notaffected,fedora-all/krb5=affected | |