Main Vulnerability Database Vulnerabilities #VU44582

NULL pointer dereference in Kerberos 5 - CVE-2011-1527

Published: October 21, 2011 / Updated: May 27, 2022

Vulnerability identifier: #VU44582

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-1527

CWE-ID: CWE-476

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: MIT

Affected software:
Kerberos 5

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.

How to mitigate CVE-2011-1527

Install update from vendor's website.

Sources

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629558
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt
http://www.kb.cert.org/vuls/id/659251
http://www.mandriva.com/security/advisories?name=MDVSA-2011:159
http://www.redhat.com/support/errata/RHSA-2011-1379.html

NULL pointer dereference in Kerberos 5 - CVE-2011-1527

Detailed vulnerability description

How to mitigate CVE-2011-1527

Sources

Please verify you're human