FreeBSD : krb5 -- MITKRB5-SA-2011-002, KDC vulnerable to hang when using LDAP back end (4ab413ea-66ce-11e0-bf05-d445f3aa24f0)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

An advisory published by the MIT Kerberos team says :

The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to
denial of service attacks from unauthenticated remote attackers.
CVE-2011-0281 and CVE-2011-0282 occur only in KDCs using LDAP back
ends, but CVE-2011-0283 occurs in all krb5-1.9 KDCs.

Exploit code is not known to exist, but the vulnerabilities are easy
to trigger manually. The trigger for CVE-2011-0281 has already been
disclosed publicly, but that fact might not be obvious to casual
readers of the message in which it was disclosed. The triggers for
CVE-2011-0282 and CVE-2011-0283 have not yet been disclosed publicly,
but they are also trivial.

CVE-2011-0281: An unauthenticated remote attacker can cause a KDC
configured with an LDAP back end to become completely unresponsive
until restarted.

CVE-2011-0282: An unauthenticated remote attacker can cause a KDC
configured with an LDAP back end to crash with a NULL pointer
dereference.

CVE-2011-0283: An unauthenticated remote attacker can cause a krb5-1.9
KDC with any back end to crash with a NULL pointer dereference.

See also :

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt
http://www.nessus.org/u?395dc9ac

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 53440 ()

Bugtraq ID:

CVE ID: CVE-2011-0281
CVE-2011-0282
CVE-2011-0283

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now