
CVE-2011-1528

Status Candidate

Overview

The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.

Related Files

Gentoo Linux Security Advisory 201201-13
Posted Jan 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-13 - Multiple vulnerabilities have been found in MIT Kerberos 5, the most severe of which may allow remote execution of arbitrary code. Versions less than 1.9.2-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3295, CVE-2009-4212, CVE-2010-0283, CVE-2010-0629, CVE-2010-1320, CVE-2010-1321, CVE-2010-1322, CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021, CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285, CVE-2011-1527, CVE-2011-1528, CVE-2011-1529, CVE-2011-1530, CVE-2011-4151
MD5 | 2ae92c1cf6aa850675b9c489b3eb7e1f

Debian Security Advisory 2379-1
Posted Jan 4, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2379-1 - It was discovered that the Key Distribution Center (KDC) in Kerberos 5 crashes when processing certain crafted requests.

tags | advisory
systems | linux, debian
advisories | CVE-2011-1528, CVE-2011-1529
MD5 | e686ca5f9bce5541546ac1695b954944

Mandriva Linux Security Advisory 2011-160
Posted Oct 23, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-160 - The krb5_ldap_lockout_audit function in the Key Distribution Center 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service via unspecified vectors, related to the locked_check_p function. The lookup_lockout_policy function in the Key Distribution Center in MIT Kerberos 5 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-1528, CVE-2011-1529
MD5 | 748e0b6ec743267edeff02a905ced913

Mandriva Linux Security Advisory 2011-159
Posted Oct 23, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-159 - The kdb_ldap plugin in the Key Distribution Center in MIT Kerberos 5 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions. The krb5_ldap_lockout_audit function in the Key Distribution Center 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service via unspecified vectors, related to the locked_check_p function. The lookup_lockout_policy function in the Key Distribution Center in MIT Kerberos 5 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
MD5 | 779a71fcefab26a8776b0bc7268721eb

MIT krb5 Security Advisory 2011-006
Posted Oct 20, 2011
Site web.mit.edu

MIT krb5 Security Advisory 2011-006 - In releases krb5-1.9 and later, the KDC can crash due to a null pointer dereference if configured to use the LDAP back end. A trigger condition is publicly known but not known to be widely circulated. In releases krb5-1.8 and later, the KDC can crash due to an assertion failure. No exploit is known to exist, but there is public evidence that the unidentified trigger condition occurs in the field. In releases krb5-1.8 and later, the KDC can crash due to a null pointer dereference. No exploit is known to exist.

tags | advisory
advisories | CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
MD5 | 3a4a43e1df117ea89f7e2b3b8b096f97

Ubuntu Security Notice USN-1233-1
Posted Oct 19, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1233-1 - Nalin Dahyabhai, Andrej Ota and Kyle Moffett discovered a NULL pointer dereference in the KDC LDAP backend. An unauthenticated remote attacker could use this to cause a denial of service. This issue affected Ubuntu 11.10. Mark Deneen discovered that an assert() could be triggered in the krb5_ldap_lockout_audit() function in the KDC LDAP backend and the krb5_db2_lockout_audit() function in the KDC DB2 backend. An unauthenticated remote attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
MD5 | b3c73fefd9b4d268ebb20b5c808007e1

Red Hat Security Advisory 2011-1379-01
Posted Oct 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1379-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was configured to use an LDAP or Berkeley Database back end. A remote attacker could use these flaws to crash the KDC.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
MD5 | f6eb4a87cc6580c85fa276103fb58991
© 2020 Packet Storm. All rights reserved.
