Vulnerability Details : CVE-2011-1528
The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-1528
Probability of exploitation activity in the next 30 days: 14.70%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-1528
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2011-1528
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1528
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:159
mandriva.com
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:160
mandriva.com
-
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html
[security-announce] openSUSE-SU-2011:1169-1: important: krb5: fixed kdc
-
http://www.kb.cert.org/vuls/id/659251
VU#659251 - Multiple MIT KRB5 KDC daemon vulnerabilitiesUS Government Resource
-
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt
Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2011-1379.html
SupportVendor Advisory
-
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579
Bug #715579 “krb5-kdc-ldap plugin crashes krb5-kdc sometimes whe...” : Bugs : krb5 package : Ubuntu
Products affected by CVE-2011-1528
- cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*