ID CVE-2011-1530
Summary The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:mit_kerberos:5.1.9
  • cpe:2.3:a:mit:mit_kerberos:5.1.9.1
  • cpe:2.3:a:mit:mit_kerberos:5.1.9.2
CVSS
Base: 6.8 (as of 09-12-2011 - 14:03)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication SINGLE_INSTANCE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability COMPLETE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201201-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-201201-13 (MIT Kerberos 5: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code with the privileges of the administration daemon or the Key Distribution Center (KDC) daemon, cause a Denial of Service condition, or possibly obtain sensitive information. Furthermore, a remote attacker may be able to spoof Kerberos authorization, modify KDC responses, forge user data messages, forge tokens, forge signatures, impersonate a client, modify user-visible prompt text, or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 57655
    published 2012-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57655
    title GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20111206_KRB5_ON_SL6_X.NASL
    description Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530) All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61190
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61190
    title Scientific Linux Security Update : krb5 on SL6.x i386/x86_64
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2011-28.NASL
    description A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69587
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69587
    title Amazon Linux AMI : krb5 (ALAS-2011-28)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2011-58.NASL
    description - fix KDC NULL pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530 - fix KDC HA feature introduced with implementing KDC poll (RT#6951) - fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020) - fix KDC NULL pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530 - fix KDC HA feature introduced with implementing KDC poll (RT#6951, bnc#731648) - fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020)
    last seen 2019-02-21
    modified 2014-08-20
    plugin id 74531
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74531
    title openSUSE Security Update : krb5 (openSUSE-2011-58)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1790.NASL
    description Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530) Red Hat would like to thank the MIT Kerberos project for reporting this issue. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 57036
    published 2011-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57036
    title RHEL 6 : krb5 (RHSA-2011:1790)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1290-1.NASL
    description Simo Sorce discovered that a NULL pointer dereference existed in the Kerberos Key Distribution Center (KDC). An authenticated remote attacker could use this to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 57048
    published 2011-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57048
    title Ubuntu 11.10 : krb5 vulnerability (USN-1290-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-184.NASL
    description A vulnerability has been discovered and corrected in krb5 : The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error (CVE-2011-1530). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 61939
    published 2012-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61939
    title Mandriva Linux Security Advisory : krb5 (MDVSA-2011:184)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-1790.NASL
    description Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530) Red Hat would like to thank the MIT Kerberos project for reporting this issue. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 57375
    published 2011-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57375
    title CentOS 6 : krb5 (CESA-2011:1790)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-1790.NASL
    description From Red Hat Security Advisory 2011:1790 : Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530) Red Hat would like to thank the MIT Kerberos project for reporting this issue. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68400
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68400
    title Oracle Linux 6 : krb5 (ELSA-2011-1790)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_6C7D9A35260811E189B4001EC9578670.NASL
    description The MIT Kerberos Team reports : In releases krb5-1.9 and later, the KDC can crash due to a NULL pointer dereference in code that handles TGS (Ticket Granting Service) requests. The trigger condition is trivial to produce using unmodified client software, but requires the ability to authenticate as a principal in the KDC's realm.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 57293
    published 2011-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57293
    title FreeBSD : krb5 -- KDC NULL pointer dereference in TGS handling (6c7d9a35-2608-11e1-89b4-001ec9578670)
redhat via4
advisories
bugzilla
id 753748
title CVE-2011-1530 krb5 (krb5kdc): NULL pointer dereference in the TGS handling (MITKRB5-SA-2011-007)
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment krb5-devel is earlier than 0:1.9-22.el6_2.1
        oval oval:com.redhat.rhsa:tst:20111790009
      • comment krb5-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863012
    • AND
      • comment krb5-libs is earlier than 0:1.9-22.el6_2.1
        oval oval:com.redhat.rhsa:tst:20111790007
      • comment krb5-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863016
    • AND
      • comment krb5-pkinit-openssl is earlier than 0:1.9-22.el6_2.1
        oval oval:com.redhat.rhsa:tst:20111790015
      • comment krb5-pkinit-openssl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863008
    • AND
      • comment krb5-server is earlier than 0:1.9-22.el6_2.1
        oval oval:com.redhat.rhsa:tst:20111790011
      • comment krb5-server is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863010
    • AND
      • comment krb5-server-ldap is earlier than 0:1.9-22.el6_2.1
        oval oval:com.redhat.rhsa:tst:20111790005
      • comment krb5-server-ldap is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863006
    • AND
      • comment krb5-workstation is earlier than 0:1.9-22.el6_2.1
        oval oval:com.redhat.rhsa:tst:20111790013
      • comment krb5-workstation is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863014
rhsa
id RHSA-2011:1790
released 2011-12-06
severity Moderate
title RHSA-2011:1790: krb5 security update (Moderate)
rpms
  • krb5-devel-0:1.9-22.el6_2.1
  • krb5-libs-0:1.9-22.el6_2.1
  • krb5-pkinit-openssl-0:1.9-22.el6_2.1
  • krb5-server-0:1.9-22.el6_2.1
  • krb5-server-ldap-0:1.9-22.el6_2.1
  • krb5-workstation-0:1.9-22.el6_2.1
refmap via4
bid 50929
bugtraq 20111206 MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530]
confirm http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-007.txt
mandriva MDVSA-2011:184
sectrack 1026374
secunia 47124
xf kerberos-processtgsreq-dos(71655)
Last major update 18-01-2012 - 22:56
Published 08-12-2011 - 15:55
Last modified 09-10-2018 - 15:31