FreeBSD : krb5 -- MITKRB5-SA-2011-002, KDC vulnerable to hang when using LDAP back end (4ab413ea-66ce-11e0-bf05-d445f3aa24f0)
Medium Nessus Plugin ID 53440
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionAn advisory published by the MIT Kerberos team says :
The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks from unauthenticated remote attackers.
CVE-2011-0281 and CVE-2011-0282 occur only in KDCs using LDAP back ends, but CVE-2011-0283 occurs in all krb5-1.9 KDCs.
Exploit code is not known to exist, but the vulnerabilities are easy to trigger manually. The trigger for CVE-2011-0281 has already been disclosed publicly, but that fact might not be obvious to casual readers of the message in which it was disclosed. The triggers for CVE-2011-0282 and CVE-2011-0283 have not yet been disclosed publicly, but they are also trivial.
CVE-2011-0281: An unauthenticated remote attacker can cause a KDC configured with an LDAP back end to become completely unresponsive until restarted.
CVE-2011-0282: An unauthenticated remote attacker can cause a KDC configured with an LDAP back end to crash with a NULL pointer dereference.
CVE-2011-0283: An unauthenticated remote attacker can cause a krb5-1.9 KDC with any back end to crash with a NULL pointer dereference.
SolutionUpdate the affected packages.