Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) by www.NetBSD.org (Postfix) with ESMTP id DC8C563F058 for ; Mon, 13 May 2013 22:42:36 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 9BA1A14A1B1; Mon, 13 May 2013 22:42:36 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id B5E0C14A1AE for ; Mon, 13 May 2013 22:42:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id t931Z-BjmiW1 for ; Mon, 13 May 2013 22:42:34 +0000 (UTC) Received: from ivanova.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 3455A14A1AD for ; Mon, 13 May 2013 22:42:34 +0000 (UTC) Received: by ivanova.netbsd.org (Postfix, from userid 500) id 2A59381; Mon, 13 May 2013 22:42:34 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Mon, 13 May 2013 22:42:34 +0000 From: "Tim Zingelman" Subject: CVS commit: pkgsrc/security/mit-krb5 To: pkgsrc-changes@NetBSD.org Reply-To: tez@netbsd.org X-Mailer: log_accum Message-Id: <20130513224234.2A59381@ivanova.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: tez Date: Mon May 13 22:42:34 UTC 2013 Modified Files: pkgsrc/security/mit-krb5: Makefile distinfo Added Files: pkgsrc/security/mit-krb5/patches: patch-kadmin_server_schpw.c Log Message: The kpasswd service provided by kadmind was vulnerable to a UDP "ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless they pass some basic validation, and don't respond to our own error packets. Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong attack or UDP ping-pong attacks in general, but there is discussion leading toward narrowing the definition of CVE-1999-0103 to the echo, chargen, or other similar built-in inetd services. https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322ccvs To generate a diff of this commit: cvs rdiff -u -r1.69 -r1.70 pkgsrc/security/mit-krb5/Makefile cvs rdiff -u -r1.42 -r1.43 pkgsrc/security/mit-krb5/distinfo cvs rdiff -u -r0 -r1.1 \ pkgsrc/security/mit-krb5/patches/patch-kadmin_server_schpw.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.