MIT KRB5 Security patches:

1. MIT krb5 Security Advisory 2007-001: Telnetd allows login as arbitrary user CVE: CVE-2007-0956 CERT: VU#220816 2. MIT krb5 Security Advisory 2007-002: KDC, kadmind stack overflow in krb5_klog_syslog CVE: CVE-2007-0957 CERT: VU#704024
author: Cy Schubert <cy@FreeBSD.org> 2007-04-04 21:12:17 +0000
committer: Cy Schubert <cy@FreeBSD.org> 2007-04-04 21:12:17 +0000
commit: ec9ba12ea871a9a5eb70279c4cb54b9001fa3d10 (patch)
tree: 4d40877265f783278c3d51b3d27fa49b737e47a4 /security/krb5-16/files/patch-kdc-kdc_util.c
parent: Update to 1.36 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/security/krb5-16/files/patch-kdc-kdc_util.c b/security/krb5-16/files/patch-kdc-kdc_util.c
new file mode 100644
index 000000000000..7ace820c79c0
--- /dev/null
+++ b/security/krb5-16/files/patch-kdc-kdc_util.c
@@ -0,0 +1,10 @@
+--- kdc/kdc_util.c.orig	Wed Oct 11 17:33:12 2006
++++ kdc/kdc_util.c	Wed Apr  4 13:53:04 2007
+@@ -404,6 +404,7 @@
+ 
+ 	krb5_db_free_principal(kdc_context, &server, nprincs);
+ 	if (!krb5_unparse_name(kdc_context, ticket->server, &sname)) {
++	    limit_string(sname);
+ 	    krb5_klog_syslog(LOG_ERR,"TGS_REQ: UNKNOWN SERVER: server='%s'",
+ 			     sname);
+ 	    free(sname);
author	Cy Schubert <cy@FreeBSD.org>	2007-04-04 21:12:17 +0000
committer	Cy Schubert <cy@FreeBSD.org>	2007-04-04 21:12:17 +0000
commit	ec9ba12ea871a9a5eb70279c4cb54b9001fa3d10 (patch)
tree	4d40877265f783278c3d51b3d27fa49b737e47a4 /security/krb5-16/files/patch-kdc-kdc_util.c
parent	Update to 1.36 (diff)