Back to bug 1302632
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-01-28 10:13:10 UTC | Depends On | | 1302633 |
| Adam Mariš | 2016-01-28 10:23:48 UTC | Blocks | | 1302647 |
| Stefan Cornelius | 2016-02-08 09:59:57 UTC | Whiteboard | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:N/A:P,cwe=CWE-476,rhel-5/krb5=new,rhel-6/krb5=new,rhel-7/krb5=new,jbews-2/krb5=new,fedora-all/krb5=affected | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:N/A:P,cwe=CWE-476,rhel-5/krb5=affected,rhel-6/krb5=affected,rhel-7/krb5=affected,jbews-2/krb5=new,fedora-all/krb5=affected |
| Slawomir Czarko | 2016-02-11 09:39:34 UTC | CC | | slawomir |
| Stefan Cornelius | 2016-02-11 14:36:40 UTC | Whiteboard | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:N/A:P,cwe=CWE-476,rhel-5/krb5=affected,rhel-6/krb5=affected,rhel-7/krb5=affected,jbews-2/krb5=new,fedora-all/krb5=affected | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:N/A:P,cwe=CWE-476,rhel-5/krb5=wontfix,rhel-6/krb5=notaffected,rhel-7/krb5=affected,jbews-2/krb5=new,fedora-all/krb5=affected |
| Stefan Cornelius | 2016-02-11 14:39:10 UTC | Whiteboard | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:N/A:P,cwe=CWE-476,rhel-5/krb5=wontfix,rhel-6/krb5=notaffected,rhel-7/krb5=affected,jbews-2/krb5=new,fedora-all/krb5=affected | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:N/A:P,cwe=CWE-476,rhel-5/krb5=notaffected,rhel-6/krb5=notaffected,rhel-7/krb5=affected,jbews-2/krb5=new,fedora-all/krb5=affected |
| Cedric Buissart | 2016-02-12 10:19:42 UTC | Depends On | | 1306969 |
| Cedric Buissart | 2016-02-12 10:19:49 UTC | Depends On | | 1306970 |
| Cedric Buissart | 2016-02-16 14:44:28 UTC | Doc Text | | A NULL pointer dereference flaw was found in the procedure used by MIT krb5 kadmind service to store policies. The kadm5_create_principal_3() and kadm5_modify_principal() did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permission to modify the database could use this flaw to maliciously add or modify a principal with a policy set to NULL, causing the kadmind service to crash. |
| Norman Sardella | 2016-02-16 14:55:29 UTC | CC | | sardella |
| Martin Prpič | 2016-03-03 10:49:34 UTC | Doc Text | A NULL pointer dereference flaw was found in the procedure used by MIT krb5 kadmind service to store policies. The kadm5_create_principal_3() and kadm5_modify_principal() did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permission to modify the database could use this flaw to maliciously add or modify a principal with a policy set to NULL, causing the kadmind service to crash. | A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. |
| Tomas Hoger | 2016-03-03 21:29:12 UTC | Fixed In Version | | krb5 1.14.1, krb5 1.13.4 |
| Tomas Hoger | 2016-04-01 07:07:42 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | | 2016-04-01 03:07:42 UTC |
| Jason Shepherd | 2016-04-03 23:18:53 UTC | Whiteboard | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:N/A:P,cwe=CWE-476,rhel-5/krb5=notaffected,rhel-6/krb5=notaffected,rhel-7/krb5=affected,jbews-2/krb5=new,fedora-all/krb5=affected | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:N/A:P,cwe=CWE-476,rhel-5/krb5=notaffected,rhel-6/krb5=notaffected,rhel-7/krb5=affected,jbews-2/krb5=notaffected,fedora-all/krb5=affected |
| Product Security DevOps Team | 2019-09-29 13:43:28 UTC | Whiteboard | impact=low,public=20160108,reported=20160127,source=redhat,cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:N/A:P,cwe=CWE-476,rhel-5/krb5=notaffected,rhel-6/krb5=notaffected,rhel-7/krb5=affected,jbews-2/krb5=notaffected,fedora-all/krb5=affected | |