CVE-2011-1530

Published: 6 December 2011

The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.

Priority

Status

Package	Release	Status
krb5 Launchpad, Ubuntu, Debian	hardy	Not vulnerable (1.9.x only)
	lucid	Not vulnerable (1.9.x only)
	maverick	Not vulnerable (1.9.x only)
	natty	Not vulnerable (1.9.x only)
	oneiric	Released (1.9.1+dfsg-1ubuntu2.2)
	upstream	Released (1.10+dfsg~alpha1-7)
	Patches: upstream: http://web.mit.edu/kerberos/advisories/2011-007-patch.txt

References

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-007.txt
https://ubuntu.com/security/notices/USN-1290-1
https://www.cve.org/CVERecord?id=CVE-2011-1530
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.