Vulnerability Description
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mit | Kerberos | 5-1.6.3 |
| Mit | Kerberos 5 | 1.6 |
References
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
- http://secunia.com/advisories/43260Vendor Advisory
- http://secunia.com/advisories/43273Vendor Advisory
- http://secunia.com/advisories/43275Vendor Advisory
- http://secunia.com/advisories/46397
- http://securityreason.com/securityalert/8073
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txtVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:024
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:025
- http://www.redhat.com/support/errata/RHSA-2011-0199.html
- http://www.redhat.com/support/errata/RHSA-2011-0200.html
- http://www.securityfocus.com/archive/1/516299/100/0/threaded
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
- http://www.securityfocus.com/bid/46271
- http://www.securitytracker.com/id?1025037
FAQ
What is CVE-2011-0282?
CVE-2011-0282 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer...
How severe is CVE-2011-0282?
CVE-2011-0282 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0282?
Check the references section above for vendor advisories and patch information. Affected products include: Mit Kerberos, Mit Kerberos 5.