|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for krb5 RHSA-2011:0200-01|
|Summary:||The remote host is missing an update for the 'krb5'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'krb5'
package(s) announced via the referenced advisory.
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).
A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC
processed principal names that were not null terminated, when the KDC was
configured to use an LDAP back end. A remote attacker could use this flaw
to crash the KDC via a specially-crafted request. (CVE-2011-0282)
A denial of service flaw was found in the way the MIT Kerberos KDC
processed certain principal names when the KDC was configured to use an
LDAP back end. A remote attacker could use this flaw to cause the KDC to
hang via a specially-crafted request. (CVE-2011-0281)
A denial of service flaw was found in the way the MIT Kerberos V5 slave KDC
update server (kpropd) processed certain update requests for KDC database
propagation. A remote attacker could use this flaw to terminate the kpropd
daemon via a specially-crafted update request. (CVE-2010-4022)
Red Hat would like to thank the MIT Kerberos Team for reporting the
CVE-2011-0282 and CVE-2011-0281 issues. Upstream acknowledges Kevin
Longfellow of Oracle Corporation as the original reporter of the
All krb5 users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.
krb5 on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2010-4022|
BugTraq ID: 46269
Bugtraq: 20110208 MITKRB5-SA-2011-001 kpropd denial of service [CVE-2010-4022] (Google Search)
SuSE Security Announcement: SUSE-SR:2011:004 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2011-0281
BugTraq ID: 46265
Bugtraq: 20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283] (Google Search)
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
XForce ISS Database: kerberos-ldap-descriptor-dos(65324)
Common Vulnerability Exposure (CVE) ID: CVE-2011-0282
BugTraq ID: 46271
XForce ISS Database: kerberos-ldap-dos(65323)
|Copyright||Copyright (c) 2012 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.