FreeBSD : krb5 -- MITKRB5-SA-2011-002, KDC vulnerable to hang when using LDAP back end (4ab413ea-66ce-11e0-bf05-d445f3aa24f0)

Severity: Medium, Nessus Plugin ID 53440

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

An advisory published by the MIT Kerberos team says:

The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks from unauthenticated remote attackers.
CVE-2011-0281 and CVE-2011-0282 occur only in KDCs using LDAP back ends, but CVE-2011-0283 occurs in all krb5-1.9 KDCs.

Exploit code is not known to exist, but the vulnerabilities are easy to trigger manually. The trigger for CVE-2011-0281 has already been disclosed publicly, but that fact might not be obvious to casual readers of the message in which it was disclosed. The triggers for CVE-2011-0282 and CVE-2011-0283 have not yet been disclosed publicly, but they are also trivial.

CVE-2011-0281: An unauthenticated remote attacker can cause a KDC configured with an LDAP back end to become completely unresponsive until restarted.

CVE-2011-0282: An unauthenticated remote attacker can cause a KDC configured with an LDAP back end to crash with a NULL pointer dereference.

CVE-2011-0283: An unauthenticated remote attacker can cause a krb5-1.9 KDC with any back end to crash with a NULL pointer dereference.

Solution

Update the affected packages.

See Also

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt

http://www.nessus.org/u?3b84e3ed

Plugin Details

Severity: Medium

ID: 53440

File Name: freebsd_pkg_4ab413ea66ce11e0bf05d445f3aa24f0.nasl

Version: 1.12

Type: local

Published: 4/15/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:krb5, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/14/2011

Vulnerability Publication Date: 2/8/2011

Reference Information

CVE: CVE-2011-0281, CVE-2011-0282, CVE-2011-0283