DSA-2052 krb5 -- null pointer dereferenceID: oval:org.mitre.oval:def:11908 | Date: (C)2010-07-31 (M)2022-10-10 |
Class: PATCH | Family: unix |
Shawn Emery discovered that in MIT Kerberos 5 , a system for authenticating users and services on a network, a null pointer dereference flaw in the Generic Security Service Application Program Interface library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism, by sending a specially-crafted GSS-API token with a missing checksum field.