CERT VU:659251
History: Oct 24, 2011 - 12:00 a.m.

Multiple MIT KRB5 KDC daemon vulnerabilities

2011-10-24 00:00:00
www.kb.cert.org

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.738 High
Percentile: 98.1%

Overview

MIT’s KRB5 KDC versions 1.8 and 1.9 contain multiple vulnerabilities.

Description

The MIT krb5 Security Advisory 2011-006 states:

_CVE-2011-1527: In releases krb5-1.9 and later, the KDC can crash due to a null pointer dereference if configured to use the LDAP back end. A trigger condition is publicly known but not known to be widely circulated._

_CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due to an assertion failure. No exploit is known to exist, but there is public evidence that the unidentified trigger condition occurs in the field._

_CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due to a null pointer dereference. No exploit is known to exist._

CVE-2011-4151: In releases krb5-1.8 through krb5-1.8.4, the KDC can crash due to an assertion failure if configured to use the Berkeley DB (“db2”) back end.


Impact

The MIT krb5 Security Advisory 2011-006 states:

_CVE-2011-1527: An unauthenticated remote attacker can crash a KDC daemon via null pointer dereference if the KDC is configured to use the LDAP back end. (This is not the default configuration.)_

_CVE-2011-1528: An unauthenticated remote attacker can crash a KDC daemon via assertion failure._

_CVE-2011-1529: An unauthenticated remote attacker can crash a KDC daemon via null pointer dereference._

CVE-2011-4151: An unauthenticated remote attacker can crash a KDC daemon via assertion failure if the KDC is configured to use the Berkeley DB (“db2”) back end.


Solution

The MIT krb5 Security Advisory 2011-006 states:

* _The patch for krb5-1.9.x is available at:_ http://web.mit.edu/kerberos/advisories/2011-006-patch.txt
  _A PGP-signed patch is available at:_ http://web.mit.edu/kerberos/advisories/2011-006-patch.txt.asc
* _The patch for krb5-1.8.x is available at:_ http://web.mit.edu/kerberos/advisories/2011-006-patch-r18.txt
  _A PGP-signed patch is available at:_ http://web.mit.edu/kerberos/advisories/2011-006-patch-r18.txt.asc
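The conditions in the Description and the patch split in the Solution can be combined into a triage check for a given KDC host. This is an added example, not code from CERT or the MIT advisory; the function names are hypothetical, and it assumes the back end is selected by `db_library` in the `[dbmodules]` section (`kldap` for LDAP, `db2` for Berkeley DB, `db2` when unset).

```python
import re

# Affected ranges transcribed from the advisory text above: (CVE, first affected
# release, last affected release or None for "and later", required db_library or None)
RULES = [
    ("CVE-2011-1527", (1, 9), None, "kldap"),
    ("CVE-2011-1528", (1, 8), None, None),
    ("CVE-2011-1529", (1, 8), None, None),
    ("CVE-2011-4151", (1, 8), (1, 8, 4), "db2"),
]
PATCHES = {  # patch URLs from the Solution section, keyed by release series
    (1, 9): "http://web.mit.edu/kerberos/advisories/2011-006-patch.txt",
    (1, 8): "http://web.mit.edu/kerberos/advisories/2011-006-patch-r18.txt",
}

def parse_version(text):
    """Turn '1.9.1' or 'krb5-1.8' into a comparable tuple such as (1, 8, 0)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def kdc_backends(conf_text):
    """Collect db_library values from [dbmodules] in kdc.conf-style text.
    Assumption: a KDC with no db_library setting uses the db2 back end."""
    section, found = None, set()
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.match(r"\[(\w+)\]$", line)
        setting = re.match(r"db_library\s*=\s*(\S+)", line)
        if header:
            section = header.group(1)
        elif setting and section == "dbmodules":
            found.add(setting.group(1))
    return found or {"db2"}

def candidate_cves(version_text, conf_text):
    """Return (CVE ids whose stated conditions match, advisory patch URL or None).
    A version number cannot show a backported fix, so hits are candidates to verify."""
    version, backends = parse_version(version_text), kdc_backends(conf_text)
    hits = [cve for cve, first, last, backend in RULES
            if version >= first and (last is None or version <= last)
            and (backend is None or backend in backends)]
    return hits, PATCHES.get(version[:2]) if hits else None

# Constructed sample configuration, not taken from the page.
SAMPLE_LDAP_CONF = "[dbmodules]\n    ldapconf = {\n        db_library = kldap\n    }\n"
```

Feed it the installed release string and the contents of the KDC configuration file; confirm each hit against the vendor's package changelog before treating the host as unpatched.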

Vendor Information

MIT Kerberos Development Team Affected

Updated: October 24, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Acknowledgements

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2011-1527, CVE-2011-1528, CVE-2011-1529, CVE-2011-4151
Severity Metric: 8.29
Date Public:
