Computer Security
[EN] securityvulns.ru no-pyccku


MIT Kerberos 5 DoS
Published:07.12.2011
Source:
SecurityVulns ID:12074
Type:remote
Threat Level:
5/10
Description:TGS Null pointer dereference. TGS assertion failure.
Affected:MIT : krb5 1.9
CVE:CVE-2011-4151 (The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.)
 CVE-2011-1530 (The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.)
Original documentdocumentMIT, MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530] (07.12.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod