Vulnerabilities > CVE-2011-1530 - Resource Management Errors vulnerability in MIT Kerberos 5.1.9/5.1.9.1/5.1.9.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2011-16284.NASL description This update rebases Fedora 15 and 16 from version 1.9.1 to version 1.9.2, incorporating a recent security update and some of the fixes we were previously backporting, among others. It also incorporates fixes for NULL pointer dereferences which the KDC could make while processing TGS requests (CVE-2011-1530). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 57754 published 2012-02-01 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57754 title Fedora 15 : krb5-1.9.2-4.fc15 (2011-16284) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-1850.NASL description An updated rhev-hypervisor6 package that fixes one security issue and two bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. In KVM (Kernel-based Virtual Machine) environments using raw format virtio disks backed by a partition or LVM volume, a privileged guest user could bypass intended restrictions and issue read and write requests (and other SCSI commands) on the host, and possibly access the data of other guests that reside on the same underlying block device. Refer to Red Hat Bugzilla bug 752375 for further details and a mitigation script for users who cannot apply this update immediately. (CVE-2011-4127) This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2011-4539 (dhcp issue) CVE-2011-4339 (ipmitool issue) CVE-2011-1530 (krb5 issue) This update also fixes the following bugs : * Virtual LAN (VLAN) identifiers containing a space were accepted, even though they could not be configured correctly. With this update, VLAN identifiers containing a space are rejected with an last seen 2020-06-01 modified 2020-06-02 plugin id 79281 published 2014-11-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79281 title RHEL 6 : rhev-hypervisor6 (RHSA-2011:1850) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-1790.NASL description From Red Hat Security Advisory 2011:1790 : Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530) Red Hat would like to thank the MIT Kerberos project for reporting this issue. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68400 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68400 title Oracle Linux 6 : krb5 (ELSA-2011-1790) NASL family Scientific Linux Local Security Checks NASL id SL_20111206_KRB5_ON_SL6_X.NASL description Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530) All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 61190 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61190 title Scientific Linux Security Update : krb5 on SL6.x i386/x86_64 NASL family Fedora Local Security Checks NASL id FEDORA_2011-16296.NASL description This update rebases Fedora 15 and 16 from version 1.9.1 to version 1.9.2, incorporating a recent security update, and some of the fixes we were previously backporting, among others. It also incorporates fixes for NULL pointer dereferences which the KDC could make while processing TGS requests (CVE-2011-1530). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 57143 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57143 title Fedora 16 : krb5-1.9.2-4.fc16 (2011-16296) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1290-1.NASL description Simo Sorce discovered that a NULL pointer dereference existed in the Kerberos Key Distribution Center (KDC). An authenticated remote attacker could use this to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 57048 published 2011-12-08 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57048 title Ubuntu 11.10 : krb5 vulnerability (USN-1290-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-184.NASL description A vulnerability has been discovered and corrected in krb5 : The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error (CVE-2011-1530). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 61939 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61939 title Mandriva Linux Security Advisory : krb5 (MDVSA-2011:184) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-1790.NASL description Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530) Red Hat would like to thank the MIT Kerberos project for reporting this issue. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 57036 published 2011-12-07 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57036 title RHEL 6 : krb5 (RHSA-2011:1790) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2011-28.NASL description A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530) last seen 2020-06-01 modified 2020-06-02 plugin id 69587 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69587 title Amazon Linux AMI : krb5 (ALAS-2011-28) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-1790.NASL description Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530) Red Hat would like to thank the MIT Kerberos project for reporting this issue. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 57375 published 2011-12-23 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57375 title CentOS 6 : krb5 (CESA-2011:1790) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6C7D9A35260811E189B4001EC9578670.NASL description The MIT Kerberos Team reports : In releases krb5-1.9 and later, the KDC can crash due to a NULL pointer dereference in code that handles TGS (Ticket Granting Service) requests. The trigger condition is trivial to produce using unmodified client software, but requires the ability to authenticate as a principal in the KDC last seen 2020-06-01 modified 2020-06-02 plugin id 57293 published 2011-12-14 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57293 title FreeBSD : krb5 -- KDC NULL pointer dereference in TGS handling (6c7d9a35-2608-11e1-89b4-001ec9578670) NASL family SuSE Local Security Checks NASL id OPENSUSE-2011-58.NASL description - fix KDC NULL pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530 - fix KDC HA feature introduced with implementing KDC poll (RT#6951) - fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020) - fix KDC NULL pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530 - fix KDC HA feature introduced with implementing KDC poll (RT#6951, bnc#731648) - fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020) last seen 2020-06-01 modified 2020-06-02 plugin id 74531 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74531 title openSUSE Security Update : krb5 (openSUSE-2011-58) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201201-13.NASL description The remote host is affected by the vulnerability described in GLSA-201201-13 (MIT Kerberos 5: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code with the privileges of the administration daemon or the Key Distribution Center (KDC) daemon, cause a Denial of Service condition, or possibly obtain sensitive information. Furthermore, a remote attacker may be able to spoof Kerberos authorization, modify KDC responses, forge user data messages, forge tokens, forge signatures, impersonate a client, modify user-visible prompt text, or have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 57655 published 2012-01-24 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57655 title GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilities
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://secunia.com/advisories/47124
- http://securitytracker.com/id?1026374
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-007.txt
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:184
- http://www.redhat.com/support/errata/RHSA-2011-1790.html
- http://www.securityfocus.com/archive/1/520756/100/0/threaded
- http://www.securityfocus.com/bid/50929
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71655