|
|
MIT : Security Vulnerabilities Published In 2011 (Denial Of Service)
Copy Results
Download Results
Select Table
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2011-4151 |
20 |
|
DoS |
2011-10-20 |
2012-01-18 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528. |
|
2 |
CVE-2011-1530 |
399 |
|
DoS |
2011-12-08 |
2012-01-18 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error. |
|
3 |
CVE-2011-1529 |
20 |
|
DoS |
2011-10-20 |
2012-01-18 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors. |
|
4 |
CVE-2011-1528 |
20 |
|
DoS |
2011-10-20 |
2012-04-20 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151. |
|
5 |
CVE-2011-1527 |
20 |
|
DoS |
2011-10-20 |
2012-01-18 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions. |
|
6 |
CVE-2011-0285 |
20 |
|
DoS Exec Code |
2011-04-14 |
2011-09-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition. |
|
7 |
CVE-2011-0284 |
399 |
|
DoS Exec Code |
2011-03-19 |
2011-04-08 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data. |
|
8 |
CVE-2011-0283 |
|
|
DoS |
2011-02-10 |
2011-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet. |
|
9 |
CVE-2011-0282 |
|
|
DoS |
2011-02-10 |
2011-10-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name. |
|
10 |
CVE-2011-0281 |
310 |
|
DoS |
2011-02-10 |
2011-10-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence. |
|
11 |
CVE-2010-4022 |
20 |
|
DoS |
2011-02-10 |
2011-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors. |
Total number of vulnerabilities : 11
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
