search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Multiple MIT KRB5 KDC daemon vulnerabilities

Vulnerability Note VU#659251

Original Release Date: 2011-10-24 | Last Revised: 2011-10-24

Overview

MIT's KRB5 KDC version 1.8 and 1.9 contain multiple vulnerabilities.

Description

The MIT krb5 Security Advisory 2011-006 states:

CVE-2011-1527: In releases krb5-1.9 and later, the KDC can crash due to a null pointer dereference if configured to use the LDAP back end. A trigger condition is publicly known but not known to be widely circulated.

CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due to an assertion failure. No exploit is known to exist, but there is public evidence that the unidentified trigger condition occurs in the field.

CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due to a null pointer dereference. No exploit is known to exist.


CVE-2011-4151: In releases krb5-1.8 through krb5-1.8.4, the KDC can crash due to an assertion failure if configured to use the Berkeley DB ("db2") back end.

Impact

The MIT krb5 Security Advisory 2011-006 states:

CVE-2011-1527: An unauthenticated remote attacker can crash a KDC daemon via null pointer dereference if the KDC is configured to use the LDAP back end. (This is not the default configuration.)

CVE-2011-1528: An unauthenticated remote attacker can crash a KDC daemon via assertion failure.

CVE-2011-1529: An unauthenticated remote attacker can crash a KDC daemon via null pointer dereference.


CVE-2011-4151: An unauthenticated remote attacker can crash a KDC daemon via assertion failure if the KDC is configured to use the Berkeley DB ("db2") back end.

Solution

The MIT krb5 Security Advisory 2011-006 states:

Vendor Information

659251
 
Affected   Unknown   Unaffected

MIT Kerberos Development Team

Updated:  October 24, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2011-1527, CVE-2011-1528, CVE-2011-1529, CVE-2011-4151
Severity Metric: 8.29
Date Public: 2011-10-18
Date First Published: 2011-10-24
Date Last Updated: 2011-10-24 13:27 UTC
Document Revision: 10

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.