ALAS-2017-793 ---- krb5ID: oval:org.secpod.oval:def:1600500 | Date: (C)2017-02-09 (M)2023-11-13 |
Class: PATCH | Family: unix |
A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a null pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true
Platform: |
Amazon Linux AMI |