CVE-2011-0282 - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backe

CVE-2011-0282

Summary

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

References

Vulnerable Configurations

cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 21-01-2020 - 15:46)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

redhat via4

advisories

bugzilla

id	668726
title	CVE-2011-0282 krb5: KDC crash when using LDAP backend caused by a special principal name (MITKRB5-SA-2011-002)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment krb5-devel is earlier than 0:1.6.1-55.el5_6.1
oval oval:com.redhat.rhsa:tst:20110199001
comment krb5-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070095011
AND
comment krb5-libs is earlier than 0:1.6.1-55.el5_6.1
oval oval:com.redhat.rhsa:tst:20110199003
comment krb5-libs is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070095013
AND
comment krb5-server is earlier than 0:1.6.1-55.el5_6.1
oval oval:com.redhat.rhsa:tst:20110199005
comment krb5-server is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070095015

AND

comment krb5-server-ldap is earlier than 0:1.6.1-55.el5_6.1
oval oval:com.redhat.rhsa:tst:20110199007
comment krb5-server-ldap is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110199008

AND

comment krb5-workstation is earlier than 0:1.6.1-55.el5_6.1
oval oval:com.redhat.rhsa:tst:20110199009
comment krb5-workstation is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070095017

rhsa

id	RHSA-2011:0199
released	2011-02-08
severity	Important
title	RHSA-2011:0199: krb5 security update (Important)

bugzilla

id	668726
title	CVE-2011-0282 krb5: KDC crash when using LDAP backend caused by a special principal name (MITKRB5-SA-2011-002)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment krb5-devel is earlier than 0:1.8.2-3.el6_0.4
oval oval:com.redhat.rhsa:tst:20110200001
comment krb5-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192599002
AND
comment krb5-libs is earlier than 0:1.8.2-3.el6_0.4
oval oval:com.redhat.rhsa:tst:20110200003
comment krb5-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192599004

AND

comment krb5-pkinit-openssl is earlier than 0:1.8.2-3.el6_0.4
oval oval:com.redhat.rhsa:tst:20110200005
comment krb5-pkinit-openssl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100863006

AND
comment krb5-server is earlier than 0:1.8.2-3.el6_0.4
oval oval:com.redhat.rhsa:tst:20110200007
comment krb5-server is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192599008

AND

comment krb5-server-ldap is earlier than 0:1.8.2-3.el6_0.4
oval oval:com.redhat.rhsa:tst:20110200009
comment krb5-server-ldap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192599010

AND

comment krb5-workstation is earlier than 0:1.8.2-3.el6_0.4
oval oval:com.redhat.rhsa:tst:20110200011
comment krb5-workstation is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192599012

rhsa

id	RHSA-2011:0200
released	2011-02-08
severity	Important
title	RHSA-2011:0200: krb5 security update (Important)

rpms

krb5-debuginfo-0:1.6.1-55.el5_6.1
krb5-devel-0:1.6.1-55.el5_6.1
krb5-libs-0:1.6.1-55.el5_6.1
krb5-server-0:1.6.1-55.el5_6.1
krb5-server-ldap-0:1.6.1-55.el5_6.1
krb5-workstation-0:1.6.1-55.el5_6.1
krb5-debuginfo-0:1.8.2-3.el6_0.4
krb5-devel-0:1.8.2-3.el6_0.4
krb5-libs-0:1.8.2-3.el6_0.4
krb5-pkinit-openssl-0:1.8.2-3.el6_0.4
krb5-server-0:1.8.2-3.el6_0.4
krb5-server-ldap-0:1.8.2-3.el6_0.4
krb5-workstation-0:1.8.2-3.el6_0.4

refmap via4

bid	46271
bugtraq	20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283] 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
confirm	http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt http://www.vmware.com/security/advisories/VMSA-2011-0012.html
mandriva	MDVSA-2011:024 MDVSA-2011:025
sectrack	1025037
secunia	43260 43273 43275 46397
sreason	8073
suse	SUSE-SR:2011:004
vupen	ADV-2011-0330 ADV-2011-0333 ADV-2011-0347 ADV-2011-0464
xf	kerberos-ldap-dos(65323)

Last major update

21-01-2020 - 15:46

Published

10-02-2011 - 18:00

Last modified

21-01-2020 - 15:46