70909 : MIT Kerberos 5 Key Distribution Center (KDC) LDAP Backend Principal Name Handling DoS
Printer | http://osvdb.org/70909 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
7	705	over 2 years ago	9 months ago	10 times	100%

Timeline

Disclosure Date
2011-02-09

Description

Kerberos contains a flaw that may allow a remote denial of service. The issue is triggered when the Key Distribution Center improperly processes certain principal names which causes a NULL pointer dereference error, when an LDAP backend is used, allowing a remote attacker to cause a denial of service via a crafted request.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Security Software

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, MIT Kerberos Team has released a patch to address this vulnerability.

Products

MIT	Kerberos 5	1.7.x
		1.6.x
		1.8.x
		1.9

Oracle Corporation	Solaris	10
		11 Express

References

Security Tracker: 1025037
CVE ID: 2011-0282 (see also: NVD)
Secunia Advisory ID: 43229 43260 43273 43275 43397 43442 44284 46397 47658
Bugtraq ID: 46271
ISS X-Force ID: 65323
Related OSVDB ID: 70909 71972 71973 71974
VUPEN Advisory: ADV-2011-0330 ADV-2011-0333 ADV-2011-0347 ADV-2011-0464
Vendor Specific Solution URL: http://blogs.sun.com/security/entry/cve_2011_0281_cve_2011
Vendor Specific Advisory URL: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054158.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054161.html
https://hermes.opensuse.org/messages/7305676
https://hermes.opensuse.org/messages/7337735
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001247.html
Vendor Specific News/Changelog Entry: http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt
http://www.gentoo.org/security/en/glsa/glsa-201201-13.xml
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
Other Advisory URL: http://securityreason.com/securityalert/8073
http://www.mandriva.com/security/advisories?name=MDVSA-2011:024
http://www.mandriva.com/security/advisories?name=MDVSA-2011:025
News Article: http://www.computerworld.com/s/article/9215838/Oracle_to_fix_73_security_bugs_next_week
Mail List Post: http://www.securityfocus.com/archive/1/archive/1/516299/100/0/threaded
RedHat RHSA: https://rhn.redhat.com/errata/RHSA-2011-0199.html
https://rhn.redhat.com/errata/RHSA-2011-0200.html
RHSA-2011:0199 RHSA-2011:0200

Credit

Not Available

CVSSv2 Score

CVSSv2 Base Score = 5.0
Source: nvd.nist.gov | Generated: 2011-02-10 | Disagree?

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.