Hide Forgot
It was reported that the KDC plugin for PKINIT could dereference a NULL pointer when a malformed packet caused processing to terminate early, which led to a crash of the KDC process. An attacker would require a valid PKINIT certificate or have observed a successful PKINIT authentication to execute a successful attack. In addition, an unauthenticated attacker could execute the attack of anonymouse PKINIT was enabled. The PKINIT plugin was introduced in version 1.6.3; versions prior are not affected by this vulnerability. External References: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7570 http://web.mit.edu/kerberos/krb5-1.11/ Statement: This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 5 as they did not include support for PKINIT.
Upstream fix is here: https://github.com/krb5/krb5/commit/f249555301940c6df3a2cdda13b56b5674eebc2e and it is fixed in upstream version 1.11.1.
Created krb5 tracking bugs for this issue Affects: fedora-all [bug 914756]
krb5-1.10.2-9.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0656 https://rhn.redhat.com/errata/RHSA-2013-0656.html
krb5-1.10.3-14.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
Kerberos 5 release krb5-1.9.5 announcement: http://web.mit.edu/kerberos/krb5-1.9/krb5-1.9.5.html#announcement