Veracode Vulnerability DatabaseVERACODE:24615Denial Of Service (DoS)
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
krb5 is vulnerable to denial of service (DoS). The vulnerability exists as a NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were not null terminated, when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to crash the KDC via a specially-crafted request.
References
lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
secunia.com/advisories/43260
secunia.com/advisories/43273
secunia.com/advisories/43275
secunia.com/advisories/46397
securityreason.com/securityalert/8073
web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt
www.mandriva.com/security/advisories?name=MDVSA-2011:024
www.mandriva.com/security/advisories?name=MDVSA-2011:025
www.redhat.com/support/errata/RHSA-2011-0199.html
www.redhat.com/support/errata/RHSA-2011-0200.html
www.securityfocus.com/archive/1/516299/100/0/threaded
www.securityfocus.com/archive/1/520102/100/0/threaded
www.securityfocus.com/bid/46271
www.securitytracker.com/id?1025037
www.vmware.com/security/advisories/VMSA-2011-0012.html
www.vupen.com/english/advisories/2011/0330
www.vupen.com/english/advisories/2011/0333
www.vupen.com/english/advisories/2011/0347
www.vupen.com/english/advisories/2011/0464
access.redhat.com/errata/RHSA-2011:0199
access.redhat.com/security/updates/classification/#important
exchange.xforce.ibmcloud.com/vulnerabilities/65323
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P