Vulnerabilities > CVE-2011-0281 - Cryptographic Issues vulnerability in MIT Kerberos and Kerberos 5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 11 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-0199.NASL description Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were not null terminated, when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to crash the KDC via a specially crafted request. (CVE-2011-0282) A denial of service flaw was found in the way the MIT Kerberos KDC processed certain principal names when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to cause the KDC to hang via a specially crafted request. (CVE-2011-0281) Red Hat would like to thank the MIT Kerberos Team for reporting these issues. Upstream acknowledges Kevin Longfellow of Oracle Corporation as the original reporter of the CVE-2011-0281 issue. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 53418 published 2011-04-15 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53418 title CentOS 5 : krb5 (CESA-2011:0199) NASL family Fedora Local Security Checks NASL id FEDORA_2011-1210.NASL description This update incorporates fixes from upstream advisories MITKRB5-SA-2011-001 (standalone kpropd exits if a per-client child exits with an error) and MITKRB5-SA-2011-002 (uninitialized pointer crash in the KDC, hang or crash in the KDC with the LDAP backend). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 52017 published 2011-02-18 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52017 title Fedora 13 : krb5-1.7.1-17.fc13 (2011-1210) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0199.NASL description Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were not null terminated, when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to crash the KDC via a specially crafted request. (CVE-2011-0282) A denial of service flaw was found in the way the MIT Kerberos KDC processed certain principal names when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to cause the KDC to hang via a specially crafted request. (CVE-2011-0281) Red Hat would like to thank the MIT Kerberos Team for reporting these issues. Upstream acknowledges Kevin Longfellow of Oracle Corporation as the original reporter of the CVE-2011-0281 issue. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 51917 published 2011-02-09 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51917 title RHEL 5 : krb5 (RHSA-2011:0199) NASL family SuSE Local Security Checks NASL id SUSE_11_KRB5-110120.NASL description Multiple KDC DoS vulnerabilities if used with LDAP backends have been fixed in krb5. CVE-2011-0281 / CVE-2011-0282 have been assigned. last seen 2020-06-01 modified 2020-06-02 plugin id 51934 published 2011-02-10 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51934 title SuSE 11.1 Security Update : krb5 (SAT Patch Number 3839) NASL family Scientific Linux Local Security Checks NASL id SL_20110208_KRB5_ON_SL5_X.NASL description A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were not null terminated, when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to crash the KDC via a specially crafted request. (CVE-2011-0282) A denial of service flaw was found in the way the MIT Kerberos KDC processed certain principal names when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to cause the KDC to hang via a specially crafted request. (CVE-2011-0281) After installing the updated packages, the krb5kdc daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 60952 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60952 title Scientific Linux Security Update : krb5 on SL5.x i386/x86_64 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0200.NASL description Updated krb5 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were not null terminated, when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to crash the KDC via a specially crafted request. (CVE-2011-0282) A denial of service flaw was found in the way the MIT Kerberos KDC processed certain principal names when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to cause the KDC to hang via a specially crafted request. (CVE-2011-0281) A denial of service flaw was found in the way the MIT Kerberos V5 slave KDC update server (kpropd) processed certain update requests for KDC database propagation. A remote attacker could use this flaw to terminate the kpropd daemon via a specially crafted update request. (CVE-2010-4022) Red Hat would like to thank the MIT Kerberos Team for reporting the CVE-2011-0282 and CVE-2011-0281 issues. Upstream acknowledges Kevin Longfellow of Oracle Corporation as the original reporter of the CVE-2011-0281 issue. All krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 51918 published 2011-02-09 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51918 title RHEL 6 : krb5 (RHSA-2011:0200) NASL family SuSE Local Security Checks NASL id SUSE_11_3_KRB5-110209.NASL description Multiple KDC DoS vulnerabilities if used with LDAP backends have been fixed in krb5. CVE-2011-0281 and CVE-2011-0282 have been assigned. Additionally a DoS vulnerability in kpropd has been fixed. CVE-2010-4022 has been assigned to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 75560 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75560 title openSUSE Security Update : krb5 (openSUSE-SU-2011:0111-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-025.NASL description Multiple vulnerabilities were discovered and corrected in krb5 : The MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause the termination of the listening process that spawned it, preventing the slave KDC it was running on From receiving database updates from the master KDC (CVE-2010-4022). The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks from unauthenticated remote attackers (CVE-2011-0281, CVE-2011-0282). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 51932 published 2011-02-10 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51932 title Mandriva Linux Security Advisory : krb5 (MDVSA-2011:025) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_4AB413EA66CE11E0BF05D445F3AA24F0.NASL description An advisory published by the MIT Kerberos team says : The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks from unauthenticated remote attackers. CVE-2011-0281 and CVE-2011-0282 occur only in KDCs using LDAP back ends, but CVE-2011-0283 occurs in all krb5-1.9 KDCs. Exploit code is not known to exist, but the vulnerabilities are easy to trigger manually. The trigger for CVE-2011-0281 has already been disclosed publicly, but that fact might not be obvious to casual readers of the message in which it was disclosed. The triggers for CVE-2011-0282 and CVE-2011-0283 have not yet been disclosed publicly, but they are also trivial. CVE-2011-0281: An unauthenticated remote attacker can cause a KDC configured with an LDAP back end to become completely unresponsive until restarted. CVE-2011-0282: An unauthenticated remote attacker can cause a KDC configured with an LDAP back end to crash with a NULL pointer dereference. CVE-2011-0283: An unauthenticated remote attacker can cause a krb5-1.9 KDC with any back end to crash with a NULL pointer dereference. last seen 2020-06-01 modified 2020-06-02 plugin id 53440 published 2011-04-15 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53440 title FreeBSD : krb5 -- MITKRB5-SA-2011-002, KDC vulnerable to hang when using LDAP back end (4ab413ea-66ce-11e0-bf05-d445f3aa24f0) NASL family Fedora Local Security Checks NASL id FEDORA_2011-1225.NASL description This update incorporates fixes from upstream advisories MITKRB5-SA-2011-001 (standalone kpropd exits if a per-client child exits with an error) and MITKRB5-SA-2011-002 (uninitialized pointer crash in the KDC, hang or crash in the KDC with the LDAP backend). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 52019 published 2011-02-18 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52019 title Fedora 14 : krb5-1.8.2-8.fc14 (2011-1225) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2011-0012.NASL description a. ESX third-party update for Service Console kernel This update takes the console OS kernel package to kernel-2.6.18-238.9.1 which resolves multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1083, CVE-2010-2492, CVE-2010-2798, CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015, CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086, CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-3904, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4158, CVE-2010-4161, CVE-2010-4238, CVE-2010-4242, CVE-2010-4243, CVE-2010-4247, CVE-2010-4248, CVE-2010-4249, CVE-2010-4251, CVE-2010-4255, CVE-2010-4263, CVE-2010-4343, CVE-2010-4346, CVE-2010-4526, CVE-2010-4655, CVE-2011-0521, CVE-2011-0710, CVE-2011-1010, CVE-2011-1090 and CVE-2011-1478 to these issues. b. ESX third-party update for Service Console krb5 RPMs This patch updates the krb5-libs and krb5-workstation RPMs of the console OS to version 1.6.1-55.el5_6.1, which resolves multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1323, CVE-2011-0281, and CVE-2011-0282 to these issues. c. ESXi and ESX update to third-party component glibc The glibc third-party library is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0296, CVE-2011-0536, CVE-2011-1071, CVE-2011-1095, CVE-2011-1658, and CVE-2011-1659 to these issues. d. ESX update to third-party drivers mptsas, mpt2sas, and mptspi The mptsas, mpt2sas, and mptspi drivers are updated which addresses multiple security issues in the mpt2sas driver. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1494 and CVE-2011-1495 to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56508 published 2011-10-14 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56508 title VMSA-2011-0012 : VMware ESXi and ESX updates to third-party libraries and ESX Service Console NASL family SuSE Local Security Checks NASL id SUSE_11_2_KRB5-110209.NASL description Multiple KDC DoS vulnerabilities if used with LDAP backends have been fixed in krb5. CVE-2011-0281 and CVE-2011-0282 have been assigned. Additionally a DoS vulnerability in kpropd has been fixed. CVE-2010-4022 has been assigned to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 53743 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53743 title openSUSE Security Update : krb5 (openSUSE-SU-2011:0111-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-0200.NASL description From Red Hat Security Advisory 2011:0200 : Updated krb5 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were not null terminated, when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to crash the KDC via a specially crafted request. (CVE-2011-0282) A denial of service flaw was found in the way the MIT Kerberos KDC processed certain principal names when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to cause the KDC to hang via a specially crafted request. (CVE-2011-0281) A denial of service flaw was found in the way the MIT Kerberos V5 slave KDC update server (kpropd) processed certain update requests for KDC database propagation. A remote attacker could use this flaw to terminate the kpropd daemon via a specially crafted update request. (CVE-2010-4022) Red Hat would like to thank the MIT Kerberos Team for reporting the CVE-2011-0282 and CVE-2011-0281 issues. Upstream acknowledges Kevin Longfellow of Oracle Corporation as the original reporter of the CVE-2011-0281 issue. All krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68196 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68196 title Oracle Linux 6 : krb5 (ELSA-2011-0200) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-024.NASL description Multiple vulnerabilities were discovered and corrected in krb5 : The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks from unauthenticated remote attackers (CVE-2011-0281, CVE-2011-0282). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 51931 published 2011-02-10 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51931 title Mandriva Linux Security Advisory : krb5 (MDVSA-2011:024) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2011-0015.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix for (CVE-2011-4862) - incorporate a fix to teach the file labeling bits about when replay caches are expunged (#712453) - rebuild - ftp: handle larger command inputs (#665833) - don last seen 2020-06-01 modified 2020-06-02 plugin id 79475 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79475 title OracleVM 2.2 : krb5 (OVMSA-2011-0015) NASL family Misc. NASL id VMWARE_VMSA-2011-0012_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities in several third-party components and libraries : - Kernel - krb5 - glibc - mtp2sas - mptsas - mptspi last seen 2020-06-01 modified 2020-06-02 plugin id 89680 published 2016-03-04 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89680 title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0012) (remote check) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1062-1.NASL description Keiichi Mori discovered that the MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a denial of service attack due to improper logic when a worker child process exited because of invalid network input. This could only occur when kpropd is running in standalone mode; kpropd was not affected when running in incremental propagation mode ( last seen 2020-06-01 modified 2020-06-02 plugin id 51985 published 2011-02-15 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51985 title Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : krb5 vulnerabilities (USN-1062-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201201-13.NASL description The remote host is affected by the vulnerability described in GLSA-201201-13 (MIT Kerberos 5: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code with the privileges of the administration daemon or the Key Distribution Center (KDC) daemon, cause a Denial of Service condition, or possibly obtain sensitive information. Furthermore, a remote attacker may be able to spoof Kerberos authorization, modify KDC responses, forge user data messages, forge tokens, forge signatures, impersonate a client, modify user-visible prompt text, or have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 57655 published 2012-01-24 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57655 title GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-0199.NASL description From Red Hat Security Advisory 2011:0199 : Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were not null terminated, when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to crash the KDC via a specially crafted request. (CVE-2011-0282) A denial of service flaw was found in the way the MIT Kerberos KDC processed certain principal names when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to cause the KDC to hang via a specially crafted request. (CVE-2011-0281) Red Hat would like to thank the MIT Kerberos Team for reporting these issues. Upstream acknowledges Kevin Longfellow of Oracle Corporation as the original reporter of the CVE-2011-0281 issue. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68195 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68195 title Oracle Linux 5 : krb5 (ELSA-2011-0199)
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
- http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html
- http://secunia.com/advisories/43260
- http://secunia.com/advisories/43273
- http://secunia.com/advisories/43275
- http://secunia.com/advisories/46397
- http://securityreason.com/securityalert/8073
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:024
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:025
- http://www.redhat.com/support/errata/RHSA-2011-0199.html
- http://www.redhat.com/support/errata/RHSA-2011-0200.html
- http://www.securityfocus.com/archive/1/516299/100/0/threaded
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
- http://www.securityfocus.com/bid/46265
- http://www.securitytracker.com/id?1025037
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
- http://www.vupen.com/english/advisories/2011/0330
- http://www.vupen.com/english/advisories/2011/0333
- http://www.vupen.com/english/advisories/2011/0347
- http://www.vupen.com/english/advisories/2011/0464
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65324