retitle 567052 kadmind segfault
forwarded 567052 http://krbdev.mit.edu/rt/Ticket/Display.html?id=5998
tags 567052 fixed-upstream
thanks

[If someone with more Debian clue could chase down what package version contains the fix and could update the bug with a "fixed" version accordingly, I would greatly appreciate it.]

Assigned CVE-2010-0629 for this kadmind issue; it can cause a denial of service (but requires authentication). The most obvious legitimate operation that can trigger this problem is using a krb5-1.8 kadmin client against a vulnerable kadmind. This is also fixed in krb5-1.7 and later.

CVSSv2 metrics: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C

http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:S/C:N/I:N/A:C/E:P/RL:O/RC:C)