exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2011-1527

Status Candidate

Overview

The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.

Related Files

Gentoo Linux Security Advisory 201201-13
Posted Jan 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-13 - Multiple vulnerabilities have been found in MIT Kerberos 5, the most severe of which may allow remote execution of arbitrary code. Versions less than 1.9.2-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3295, CVE-2009-4212, CVE-2010-0283, CVE-2010-0629, CVE-2010-1320, CVE-2010-1321, CVE-2010-1322, CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021, CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285, CVE-2011-1527, CVE-2011-1528, CVE-2011-1529, CVE-2011-1530, CVE-2011-4151
SHA-256 | 5fe5b981b497ad572aa4e53428ce29f2dcd53be74dc124715f4b3cff09100dd9
Mandriva Linux Security Advisory 2011-159
Posted Oct 23, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-159 - The kdb_ldap plugin in the Key Distribution Center in MIT Kerberos 5 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions. The krb5_ldap_lockout_audit function in the Key Distribution Center 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service via unspecified vectors, related to the locked_check_p function. The lookup_lockout_policy function in the Key Distribution Center in MIT Kerberos 5 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
SHA-256 | 160ee6d63219f4df8bde7d3c04e4d92dd792086ff9d166e64e365f50ecc5c75e
MIT krb5 Security Advisory 2011-006
Posted Oct 20, 2011
Site web.mit.edu

MIT krb5 Security Advisory 2011-006 - In releases krb5-1.9 and later, the KDC can crash due to a null pointer dereference if configured to use the LDAP back end. A trigger condition is publicly known but not known to be widely circulated. In releases krb5-1.8 and later, the KDC can crash due to an assertion failure. No exploit is known to exist, but there is public evidence that the unidentified trigger condition occurs in the field. In releases krb5-1.8 and later, the KDC can crash due to a null pointer dereference. No exploit is known to exist.

tags | advisory
advisories | CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
SHA-256 | 8b04ece8c34bca3fda0990a86bfcf42198a26b09a9a26da0008d965a7b170253
Ubuntu Security Notice USN-1233-1
Posted Oct 19, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1233-1 - Nalin Dahyabhai, Andrej Ota and Kyle Moffett discovered a NULL pointer dereference in the KDC LDAP backend. An unauthenticated remote attacker could use this to cause a denial of service. This issue affected Ubuntu 11.10. Mark Deneen discovered that an assert() could be triggered in the krb5_ldap_lockout_audit() function in the KDC LDAP backend and the krb5_db2_lockout_audit() function in the KDC DB2 backend. An unauthenticated remote attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
SHA-256 | 260023c2168a6d777713e24fc88c1d9f550cbd57d478d0bfa9df694c73399e85
Red Hat Security Advisory 2011-1379-01
Posted Oct 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1379-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was configured to use an LDAP or Berkeley Database back end. A remote attacker could use these flaws to crash the KDC.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
SHA-256 | 3d6771e4cf54c7c15da89a0109e505400e96e3e7d851a51fb3c6f07261a1b7e4
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close