ID CVE-2011-1530
Summary The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:mit_kerberos:5.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:mit:mit_kerberos:5.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:mit_kerberos:5.1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:mit_kerberos:5.1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:mit_kerberos:5.1.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:mit_kerberos:5.1.9.2:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 09-10-2018 - 19:31)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:C
redhat via4
advisories
bugzilla
id 753748
title CVE-2011-1530 krb5 (krb5kdc): NULL pointer dereference in the TGS handling (MITKRB5-SA-2011-007)
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment krb5-devel is earlier than 0:1.9-22.el6_2.1
        oval oval:com.redhat.rhsa:tst:20111790009
      • comment krb5-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863012
    • AND
      • comment krb5-libs is earlier than 0:1.9-22.el6_2.1
        oval oval:com.redhat.rhsa:tst:20111790007
      • comment krb5-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863016
    • AND
      • comment krb5-pkinit-openssl is earlier than 0:1.9-22.el6_2.1
        oval oval:com.redhat.rhsa:tst:20111790015
      • comment krb5-pkinit-openssl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863008
    • AND
      • comment krb5-server is earlier than 0:1.9-22.el6_2.1
        oval oval:com.redhat.rhsa:tst:20111790011
      • comment krb5-server is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863010
    • AND
      • comment krb5-server-ldap is earlier than 0:1.9-22.el6_2.1
        oval oval:com.redhat.rhsa:tst:20111790005
      • comment krb5-server-ldap is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863006
    • AND
      • comment krb5-workstation is earlier than 0:1.9-22.el6_2.1
        oval oval:com.redhat.rhsa:tst:20111790013
      • comment krb5-workstation is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863014
rhsa
id RHSA-2011:1790
released 2011-12-06
severity Moderate
title RHSA-2011:1790: krb5 security update (Moderate)
rpms
  • krb5-devel-0:1.9-22.el6_2.1
  • krb5-libs-0:1.9-22.el6_2.1
  • krb5-pkinit-openssl-0:1.9-22.el6_2.1
  • krb5-server-0:1.9-22.el6_2.1
  • krb5-server-ldap-0:1.9-22.el6_2.1
  • krb5-workstation-0:1.9-22.el6_2.1
refmap via4
bid 50929
bugtraq 20111206 MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530]
confirm http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-007.txt
mandriva MDVSA-2011:184
sectrack 1026374
secunia 47124
xf kerberos-processtgsreq-dos(71655)
Last major update 09-10-2018 - 19:31
Published 08-12-2011 - 20:55
Back to Top