Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2011-0281

Published: 10/02/2011 Updated: 21/01/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Mit

Vulnerability Summary

The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x up to and including 1.9, when an LDAP backend is used, allows remote malicious users to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.

Vulnerable Product Search on Vulmon Subscribe to Product

mit kerberos 5 1.6.1

mit kerberos 5 1.6.2

mit kerberos 5 1.8.3

mit kerberos 5 1.9

mit kerberos 5-1.6.3

mit kerberos 5 1.7

mit kerberos 5 1.6

mit kerberos 5 1.8.1

mit kerberos 5 1.8.2

mit kerberos 5 1.7.1

mit kerberos 5 1.8

Vendor Advisories

Ubuntu Security Notice: krb5 vulnerabilities
Keiichi Mori discovered that the MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a denial of service attack due to improper logic when a worker child process exited because of invalid network input This could only occur when kpropd is running in standalone mode; kpropd was not affected when running in incremental propagation mod ...
Debian CVElist Bug Report Logs: krb5: CVE-2011-0284 kdc double-free
Debian Bug report logs - #618517 krb5: CVE-2011-0284 kdc double-free Package: krb5; Maintainer for krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Michael Gilbert <michaelsgilbert@gmailcom> Date: Tue, 15 Mar 2011 20:51:05 UTC Severity: serious Tags: security Found in version 183+dfsg-4 Fixed in versions ...
Debian CVElist Bug Report Logs: krb5: kadmind invalid pointer free
Debian Bug report logs - #622681 krb5: kadmind invalid pointer free Package: krb5-admin-server; Maintainer for krb5-admin-server is Sam Hartman <hartmans@debianorg>; Source for krb5-admin-server is src:krb5 (PTS, buildd, popcon) Reported by: Michael Gilbert <michaelsgilbert@gmailcom> Date: Wed, 13 Apr 2011 19:21: ...

References

CWE-310http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txthttp://www.redhat.com/support/errata/RHSA-2011-0199.htmlhttp://mailman.mit.edu/pipermail/kerberos/2010-December/016800.htmlhttp://secunia.com/advisories/43273http://www.securityfocus.com/bid/46265http://www.mandriva.com/security/advisories?name=MDVSA-2011:025http://www.redhat.com/support/errata/RHSA-2011-0200.htmlhttp://www.vupen.com/english/advisories/2011/0330http://www.mandriva.com/security/advisories?name=MDVSA-2011:024http://www.vupen.com/english/advisories/2011/0347http://secunia.com/advisories/43275http://secunia.com/advisories/43260http://www.vupen.com/english/advisories/2011/0333http://www.securitytracker.com/id?1025037http://www.vupen.com/english/advisories/2011/0464http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.htmlhttp://securityreason.com/securityalert/8073http://secunia.com/advisories/46397http://www.vmware.com/security/advisories/VMSA-2011-0012.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/65324http://www.securityfocus.com/archive/1/520102/100/0/threadedhttp://www.securityfocus.com/archive/1/516299/100/0/threadedhttps://usn.ubuntu.com/1062-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook