GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb
and sh
buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main gss_accept_sec_context
entry point. This will likely trigger an assertion failure in free
, causing a denial-of-service. This issue is fixed in version 1.2.0.
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gss-ntlmssp | Gss-ntlmssp_project | * | 1.2.0 (excluding) |
This weakness can take several forms, such as: