Bug 15204 - [NOT SECURITY] Heimdal Kerbos vulnerable to remotely triggered NULL pointer dereference
Summary: [NOT SECURITY] Heimdal Kerbos vulnerable to remotely triggered NULL pointer d...
Status: RESOLVED DUPLICATE of bug 15155
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other (show other bugs)
Version: 4.17.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL: https://kb.cert.org/vuls/id/730793
Depends on:
Reported: 2022-10-13 20:13 UTC by Andrew Bartlett
Modified: 2022-10-13 20:22 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2022-10-13 20:13:12 UTC
It has been disclosed that Heimdal, including the ~0.7 version we ship in Samba 4.15 includes a NULL pointer dereference.

Per CERT: "A malicious actor to remotely trigger a NULL pointer dereference using a crafted negTokenInit token."

Samba is not issuing a security release becase:
 - Samba security policy does not require us to patch for a simple crash
 - The code in question is not used in Samba, as we have our own SPNEGO implementation.
Comment 1 Andrew Bartlett 2022-10-13 20:14:47 UTC
Marking as INVALID (would just as well be WONTFIX - and also FIXED in samba 4.16 and later, as the newer Heimdal snapshot is used there) as Samba is not impacted.
Comment 2 Andrew Bartlett 2022-10-13 20:21:48 UTC

*** This bug has been marked as a duplicate of bug 15155 ***