Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2011-1530
Last Modified 18 Jan 2012 10:56:50
Published 08 Dec 2011 03:55:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-1530

Summary

The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.

Vulnerable Systems

Application

  • MIT Kerberos 5.1.9
  • MIT Kerberos 5.1.9.1
  • MIT Kerberos 5.1.9.2

References

XF - kerberos-processtgsreq-dos(71655)

BID - 50929

BUGTRAQ - 20111206 MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530]

CONFIRM - http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-007.txt

SECTRACK - 1026374

SECUNIA - 47124

REDHAT - RHSA-2011:1790

MANDRIVA - MDVSA-2011:184


Last Updated: 27 May 2016 10:57:50