CVE-2011-0282

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.

Details Source

Mitre

Statement

This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3 or 4 as they did not include support for the LDAP backend.

Public Date

2011-02-08 00:00:00

Impact

Important

Bugzilla

CVE-2011-0282 krb5: KDC crash when using LDAP backend caused by a special principal name (MITKRB5-SA-2011-002)

Bugzilla ID

668726

CVSS Status

verified

Base Score

5.00

Base Metrics

AV:N/AC:L/Au:N/C:N/I:N/A:P

Acknowledgements

Red Hat would like to thank the MIT Kerberos project for reporting this issue.

IAVA

2011-A-0147

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 6 (krb5) | RHSA-2011:0200 | 2011-02-08
Red Hat Enterprise Linux 5 (krb5) | RHSA-2011:0199 | 2011-02-08

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 4 | krb5 | Not affected
Red Hat Enterprise Linux 3 | krb5 | Not affected