AI Score: 6.9 Medium (Confidence: High)
CVSS2: 5 Medium
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.146 Low (Percentile: 95.7%)
CentOS Errata and Security Advisory CESA-2011:0199
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).
A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC
processed principal names that were not null terminated, when the KDC was
configured to use an LDAP back end. A remote attacker could use this flaw
to crash the KDC via a specially-crafted request. (CVE-2011-0282)
A denial of service flaw was found in the way the MIT Kerberos KDC
processed certain principal names when the KDC was configured to use an
LDAP back end. A remote attacker could use this flaw to cause the KDC to
hang via a specially-crafted request. (CVE-2011-0281)
Red Hat would like to thank the MIT Kerberos Team for reporting these
issues. Upstream acknowledges Kevin Longfellow of Oracle Corporation as the
original reporter of the CVE-2011-0281 issue.
All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct these issues. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-April/079514.html
https://lists.centos.org/pipermail/centos-announce/2011-April/079515.html
Affected packages:
krb5-devel
krb5-libs
krb5-server
krb5-server-ldap
krb5-workstation
Upstream details at:
https://access.redhat.com/errata/RHSA-2011:0199
OS | OS Version | Architecture | Package | Affected Version | Fixed Package Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | krb5-devel | < 1.6.1-55.el5_6.1 | krb5-devel-1.6.1-55.el5_6.1.i386.rpm |
CentOS | 5 | i386 | krb5-libs | < 1.6.1-55.el5_6.1 | krb5-libs-1.6.1-55.el5_6.1.i386.rpm |
CentOS | 5 | i386 | krb5-server | < 1.6.1-55.el5_6.1 | krb5-server-1.6.1-55.el5_6.1.i386.rpm |
CentOS | 5 | i386 | krb5-server-ldap | < 1.6.1-55.el5_6.1 | krb5-server-ldap-1.6.1-55.el5_6.1.i386.rpm |
CentOS | 5 | i386 | krb5-workstation | < 1.6.1-55.el5_6.1 | krb5-workstation-1.6.1-55.el5_6.1.i386.rpm |
CentOS | 5 | x86_64 | krb5-devel | < 1.6.1-55.el5_6.1 | krb5-devel-1.6.1-55.el5_6.1.x86_64.rpm |
CentOS | 5 | x86_64 | krb5-libs | < 1.6.1-55.el5_6.1 | krb5-libs-1.6.1-55.el5_6.1.x86_64.rpm |
CentOS | 5 | x86_64 | krb5-server | < 1.6.1-55.el5_6.1 | krb5-server-1.6.1-55.el5_6.1.x86_64.rpm |
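As an added example (not part of the advisory and not CentOS or Red Hat tooling), a Python check that compares installed krb5 package versions against the fixed version-release from the table above. It reimplements rpm's segment-wise version comparison rather than calling librpm, and the sample `rpm -qa` output, including the older release number in it, is constructed for the demonstration.

```python
import re

# Fixed VERSION-RELEASE from the advisory table; all listed CentOS 5 krb5 packages share it.
FIXED_VR = "1.6.1-55.el5_6.1"
AFFECTED = {"krb5-devel", "krb5-libs", "krb5-server", "krb5-server-ldap", "krb5-workstation"}
# Segments are digit runs, letter runs and the tilde; other characters only separate segments.
_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~")

def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 like rpm's rpmvercmp (reimplementation, not librpm; caret unsupported)."""
    ta, tb = _SEG.findall(a), _SEG.findall(b)
    for i in range(max(len(ta), len(tb))):
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        if x == "~" or y == "~":  # tilde sorts before anything, even the end of the string
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None or y is None:  # equal so far: the string with more segments is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():  # a numeric segment is newer than an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit() and int(x) != int(y):
            return 1 if int(x) > int(y) else -1
        if not x.isdigit() and x != y:
            return 1 if x > y else -1
    return 0

def compare_vr(a: str, b: str) -> int:
    """Compare two 'VERSION-RELEASE' strings: version first, release only on a tie."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def find_vulnerable(rpm_lines, fixed_vr: str = FIXED_VR):
    """Input lines as printed by: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\\n'"""
    hits = []
    for line in rpm_lines:
        name, _, vr = line.strip().partition(" ")
        if name in AFFECTED and vr and compare_vr(vr, fixed_vr) < 0:
            hits.append((name, vr))  # older than the advisory's fixed build: update required
    return hits

# Constructed sample output, not from a real host; the older release number is made up.
SAMPLE_RPM_OUTPUT = ["krb5-libs 1.6.1-36.el5_5.6", "krb5-server 1.6.1-55.el5_6.1",
                     "krb5-workstation 1.6.1-55.el5_6.1", "openssl 0.9.8e-12.el5_5.7"]
```

On a real host, feed `find_vulnerable` the output of the `rpm -qa` query named in its docstring; packages not in the advisory's affected list are ignored.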