FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krb5 -- MITKRB5-SA-2011-002, KDC vulnerable to hang when using LDAP back end

Affected packages
1.7 <= krb5 < 1.7.2
1.8 <= krb5 <= 1.8.4
krb5 = 1.9

Details

VuXML ID: 4ab413ea-66ce-11e0-bf05-d445f3aa24f0
Discovery: 2011-02-08
Entry: 2011-04-14

An advisory published by the MIT Kerberos team says:

The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks from unauthenticated remote attackers. CVE-2011-0281 and CVE-2011-0282 occur only in KDCs using LDAP back ends, but CVE-2011-0283 occurs in all krb5-1.9 KDCs.

Exploit code is not known to exist, but the vulnerabilities are easy to trigger manually. The trigger for CVE-2011-0281 has already been disclosed publicly, but that fact might not be obvious to casual readers of the message in which it was disclosed. The triggers for CVE-2011-0282 and CVE-2011-0283 have not yet been disclosed publicly, but they are also trivial.

CVE-2011-0281: An unauthenticated remote attacker can cause a KDC configured with an LDAP back end to become completely unresponsive until restarted.

CVE-2011-0282: An unauthenticated remote attacker can cause a KDC configured with an LDAP back end to crash with a null pointer dereference.

CVE-2011-0283: An unauthenticated remote attacker can cause a krb5-1.9 KDC with any back end to crash with a null pointer dereference.

References

CVE Name: CVE-2011-0281
CVE Name: CVE-2011-0282
CVE Name: CVE-2011-0283
URL: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt