CVE-2011-0281 - The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x t

CVE-2011-0281

Summary

The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.

References

Vulnerable Configurations

cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 21-01-2020 - 15:46)
Impact:
Exploitability:

CWE

CWE-310

CAPEC

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

redhat via4

advisories

rhsa
id RHSA-2011:0199
rhsa
id RHSA-2011:0200

rpms

krb5-debuginfo-0:1.6.1-55.el5_6.1
krb5-devel-0:1.6.1-55.el5_6.1
krb5-libs-0:1.6.1-55.el5_6.1
krb5-server-0:1.6.1-55.el5_6.1
krb5-server-ldap-0:1.6.1-55.el5_6.1
krb5-workstation-0:1.6.1-55.el5_6.1
krb5-debuginfo-0:1.8.2-3.el6_0.4
krb5-devel-0:1.8.2-3.el6_0.4
krb5-libs-0:1.8.2-3.el6_0.4
krb5-pkinit-openssl-0:1.8.2-3.el6_0.4
krb5-server-0:1.8.2-3.el6_0.4
krb5-server-ldap-0:1.8.2-3.el6_0.4
krb5-workstation-0:1.8.2-3.el6_0.4

refmap via4

bid	46265
bugtraq	20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283] 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
confirm	http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt http://www.vmware.com/security/advisories/VMSA-2011-0012.html
mandriva	MDVSA-2011:024 MDVSA-2011:025
mlist	[kerberos] 20101222 LDAP handle unavailable: Can't contact LDAP server
sectrack	1025037
secunia	43260 43273 43275 46397
sreason	8073
suse	SUSE-SR:2011:004
vupen	ADV-2011-0330 ADV-2011-0333 ADV-2011-0347 ADV-2011-0464
xf	kerberos-ldap-descriptor-dos(65324)

Last major update

21-01-2020 - 15:46

Published

10-02-2011 - 18:00

Last modified

21-01-2020 - 15:46