Submitted by Vincent (CVE) Danen on Fri, 09/18/2015 - 01:30
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.
This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3 or 4 as they did not include support for the LDAP backend.
CVE-2011-0282 krb5: KDC crash when using LDAP backend caused by a special principal name (MITKRB5-SA-2011-002)
Red Hat would like to thank the MIT Kerberos project for reporting this issue.
Red Hat Security Errata
| Red Hat Enterprise Linux 6 (krb5) | RHSA-2011:0200 | 2011-02-08 |
| Red Hat Enterprise Linux 5 (krb5) | RHSA-2011:0199 | 2011-02-08 |
Affected Packages State
| Red Hat Enterprise Linux 4 | krb5 | Not affected |
| Red Hat Enterprise Linux 3 | krb5 | Not affected |