5.1.9.2

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

mit

CWE-399

nessus

NVD

Published: 2011-12-08

Updated: 2024-11-21

Summary

The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.

Vulnerable Configurations

Part	Description	Count
Application	Mit MIT MIT Kerberos 5.1.9.2 MIT MIT Kerberos 5.1.9.1 MIT MIT Kerberos 5.1.9	3

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2011-16284.NASL
description	This update rebases Fedora 15 and 16 from version 1.9.1 to version 1.9.2, incorporating a recent security update and some of the fixes we were previously backporting, among others. It also incorporates fixes for NULL pointer dereferences which the KDC could make while processing TGS requests (CVE-2011-1530). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	57754
published	2012-02-01
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57754
title	Fedora 15 : krb5-1.9.2-4.fc15 (2011-16284)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2011-1850.NASL
description	An updated rhev-hypervisor6 package that fixes one security issue and two bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. In KVM (Kernel-based Virtual Machine) environments using raw format virtio disks backed by a partition or LVM volume, a privileged guest user could bypass intended restrictions and issue read and write requests (and other SCSI commands) on the host, and possibly access the data of other guests that reside on the same underlying block device. Refer to Red Hat Bugzilla bug 752375 for further details and a mitigation script for users who cannot apply this update immediately. (CVE-2011-4127) This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2011-4539 (dhcp issue) CVE-2011-4339 (ipmitool issue) CVE-2011-1530 (krb5 issue) This update also fixes the following bugs : * Virtual LAN (VLAN) identifiers containing a space were accepted, even though they could not be configured correctly. With this update, VLAN identifiers containing a space are rejected with an
last seen	2020-06-01
modified	2020-06-02
plugin id	79281
published	2014-11-17
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/79281
title	RHEL 6 : rhev-hypervisor6 (RHSA-2011:1850)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2011-1790.NASL
description	From Red Hat Security Advisory 2011:1790 : Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530) Red Hat would like to thank the MIT Kerberos project for reporting this issue. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	68400
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68400
title	Oracle Linux 6 : krb5 (ELSA-2011-1790)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20111206_KRB5_ON_SL6_X.NASL
description	Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530) All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	61190
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61190
title	Scientific Linux Security Update : krb5 on SL6.x i386/x86_64

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2011-16296.NASL
description	This update rebases Fedora 15 and 16 from version 1.9.1 to version 1.9.2, incorporating a recent security update, and some of the fixes we were previously backporting, among others. It also incorporates fixes for NULL pointer dereferences which the KDC could make while processing TGS requests (CVE-2011-1530). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	57143
published	2011-12-13
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57143
title	Fedora 16 : krb5-1.9.2-4.fc16 (2011-16296)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1290-1.NASL
description	Simo Sorce discovered that a NULL pointer dereference existed in the Kerberos Key Distribution Center (KDC). An authenticated remote attacker could use this to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	57048
published	2011-12-08
reporter	Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57048
title	Ubuntu 11.10 : krb5 vulnerability (USN-1290-1)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2011-184.NASL
description	A vulnerability has been discovered and corrected in krb5 : The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error (CVE-2011-1530). The updated packages have been patched to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	61939
published	2012-09-06
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/61939
title	Mandriva Linux Security Advisory : krb5 (MDVSA-2011:184)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2011-1790.NASL
description	Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530) Red Hat would like to thank the MIT Kerberos project for reporting this issue. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	57036
published	2011-12-07
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57036
title	RHEL 6 : krb5 (RHSA-2011:1790)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2011-28.NASL
description	A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530)
last seen	2020-06-01
modified	2020-06-02
plugin id	69587
published	2013-09-04
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/69587
title	Amazon Linux AMI : krb5 (ALAS-2011-28)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2011-1790.NASL
description	Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530) Red Hat would like to thank the MIT Kerberos project for reporting this issue. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	57375
published	2011-12-23
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57375
title	CentOS 6 : krb5 (CESA-2011:1790)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_6C7D9A35260811E189B4001EC9578670.NASL
description	The MIT Kerberos Team reports : In releases krb5-1.9 and later, the KDC can crash due to a NULL pointer dereference in code that handles TGS (Ticket Granting Service) requests. The trigger condition is trivial to produce using unmodified client software, but requires the ability to authenticate as a principal in the KDC
last seen	2020-06-01
modified	2020-06-02
plugin id	57293
published	2011-12-14
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57293
title	FreeBSD : krb5 -- KDC NULL pointer dereference in TGS handling (6c7d9a35-2608-11e1-89b4-001ec9578670)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2011-58.NASL
description	- fix KDC NULL pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530 - fix KDC HA feature introduced with implementing KDC poll (RT#6951) - fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020) - fix KDC NULL pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530 - fix KDC HA feature introduced with implementing KDC poll (RT#6951, bnc#731648) - fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020)
last seen	2020-06-01
modified	2020-06-02
plugin id	74531
published	2014-06-13
reporter	This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/74531
title	openSUSE Security Update : krb5 (openSUSE-2011-58)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201201-13.NASL
description	The remote host is affected by the vulnerability described in GLSA-201201-13 (MIT Kerberos 5: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code with the privileges of the administration daemon or the Key Distribution Center (KDC) daemon, cause a Denial of Service condition, or possibly obtain sensitive information. Furthermore, a remote attacker may be able to spoof Kerberos authorization, modify KDC responses, forge user data messages, forge tokens, forge signatures, impersonate a client, modify user-visible prompt text, or have other unspecified impact. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	57655
published	2012-01-24
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57655
title	GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilities

Redhat

advisories

bugzilla

id	753748
title	CVE-2011-1530 krb5 (krb5kdc): NULL pointer dereference in the TGS handling (MITKRB5-SA-2011-007)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment krb5-libs is earlier than 0:1.9-22.el6_2.1
oval oval:com.redhat.rhsa:tst:20111790001
comment krb5-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192599014

AND

comment krb5-workstation is earlier than 0:1.9-22.el6_2.1
oval oval:com.redhat.rhsa:tst:20111790003
comment krb5-workstation is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192599008

AND

comment krb5-server-ldap is earlier than 0:1.9-22.el6_2.1
oval oval:com.redhat.rhsa:tst:20111790005
comment krb5-server-ldap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192599004

AND

comment krb5-pkinit-openssl is earlier than 0:1.9-22.el6_2.1
oval oval:com.redhat.rhsa:tst:20111790007
comment krb5-pkinit-openssl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100863002

AND
comment krb5-devel is earlier than 0:1.9-22.el6_2.1
oval oval:com.redhat.rhsa:tst:20111790009
comment krb5-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192599002
AND
comment krb5-server is earlier than 0:1.9-22.el6_2.1
oval oval:com.redhat.rhsa:tst:20111790011
comment krb5-server is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192599006

rhsa

id	RHSA-2011:1790
released	2011-12-06
severity	Moderate
title	RHSA-2011:1790: krb5 security update (Moderate)

rpms

krb5-debuginfo-0:1.9-22.el6_2.1
krb5-devel-0:1.9-22.el6_2.1
krb5-libs-0:1.9-22.el6_2.1
krb5-pkinit-openssl-0:1.9-22.el6_2.1
krb5-server-0:1.9-22.el6_2.1
krb5-server-ldap-0:1.9-22.el6_2.1
krb5-workstation-0:1.9-22.el6_2.1

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References