Veracode Vulnerability DatabaseVERACODE:24614Denial Of Service (DoS)
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
krb5 is vulnerable to denial of service (DoS). The vulnerability exists through the way MIT Kerberos KDC processed certain principal names when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to cause the KDC to hang via a specially-crafted request.
References
lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
mailman.mit.edu/pipermail/kerberos/2010-December/016800.html
secunia.com/advisories/43260
secunia.com/advisories/43273
secunia.com/advisories/43275
secunia.com/advisories/46397
securityreason.com/securityalert/8073
web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt
www.mandriva.com/security/advisories?name=MDVSA-2011:024
www.mandriva.com/security/advisories?name=MDVSA-2011:025
www.redhat.com/support/errata/RHSA-2011-0199.html
www.redhat.com/support/errata/RHSA-2011-0200.html
www.securityfocus.com/archive/1/516299/100/0/threaded
www.securityfocus.com/archive/1/520102/100/0/threaded
www.securityfocus.com/bid/46265
www.securitytracker.com/id?1025037
www.vmware.com/security/advisories/VMSA-2011-0012.html
www.vupen.com/english/advisories/2011/0330
www.vupen.com/english/advisories/2011/0333
www.vupen.com/english/advisories/2011/0347
www.vupen.com/english/advisories/2011/0464
access.redhat.com/errata/RHSA-2011:0199
access.redhat.com/security/updates/classification/#important
exchange.xforce.ibmcloud.com/vulnerabilities/65324
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P