The remote host is affected by the vulnerability described in GLSA-201201-13 (MIT Kerberos 5: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker may be able to execute arbitrary code with the       privileges of the administration daemon or the Key Distribution Center       (KDC) daemon, cause a Denial of Service condition, or possibly obtain       sensitive information. Furthermore, a remote attacker may be able to       spoof Kerberos authorization, modify KDC responses, forge user data       messages, forge tokens, forge signatures, impersonate a client, modify       user-visible prompt text, or have other unspecified impact.
  Workaround :

    There is no known workaround at this time.

Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).

A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were not null terminated, when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to crash the KDC via a specially crafted request.
(CVE-2011-0282)

A denial of service flaw was found in the way the MIT Kerberos KDC processed certain principal names when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to cause the KDC to hang via a specially crafted request. (CVE-2011-0281)

Red Hat would like to thank the MIT Kerberos Team for reporting these issues. Upstream acknowledges Kevin Longfellow of Oracle Corporation as the original reporter of the CVE-2011-0281 issue.

All krb5 users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically.

Updated krb5 packages that fix three security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).

A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were not null terminated, when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to crash the KDC via a specially crafted request.
(CVE-2011-0282)

A denial of service flaw was found in the way the MIT Kerberos KDC processed certain principal names when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to cause the KDC to hang via a specially crafted request. (CVE-2011-0281)

A denial of service flaw was found in the way the MIT Kerberos V5 slave KDC update server (kpropd) processed certain update requests for KDC database propagation. A remote attacker could use this flaw to terminate the kpropd daemon via a specially crafted update request.
(CVE-2010-4022)

Red Hat would like to thank the MIT Kerberos Team for reporting the CVE-2011-0282 and CVE-2011-0281 issues. Upstream acknowledges Kevin Longfellow of Oracle Corporation as the original reporter of the CVE-2011-0281 issue.

All krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically.

An advisory published by the MIT Kerberos team says :

The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks from unauthenticated remote attackers.
CVE-2011-0281 and CVE-2011-0282 occur only in KDCs using LDAP back ends, but CVE-2011-0283 occurs in all krb5-1.9 KDCs.

Exploit code is not known to exist, but the vulnerabilities are easy to trigger manually. The trigger for CVE-2011-0281 has already been disclosed publicly, but that fact might not be obvious to casual readers of the message in which it was disclosed. The triggers for CVE-2011-0282 and CVE-2011-0283 have not yet been disclosed publicly, but they are also trivial.

CVE-2011-0281: An unauthenticated remote attacker can cause a KDC configured with an LDAP back end to become completely unresponsive until restarted.

CVE-2011-0282: An unauthenticated remote attacker can cause a KDC configured with an LDAP back end to crash with a NULL pointer dereference.

CVE-2011-0283: An unauthenticated remote attacker can cause a krb5-1.9 KDC with any back end to crash with a NULL pointer dereference.

The remote NewStart CGSL host, running version MAIN 6.06, has krb5 packages installed that are affected by multiple vulnerabilities:

  - plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles     Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial     of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related     to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use     cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin     code that is specific to Red Hat. (CVE-2017-15088)

  - The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT     Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute     arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error     condition. (CVE-2011-0285)

  - schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly     validate UDP packets before sending responses, which allows remote attackers to cause a denial of service     (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by     krb_pingpong.nasl, a related issue to CVE-1999-0103. (CVE-2002-2443)

  - The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b)     Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to     gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known     whether an exploitable attack scenario exists for these issues. (CVE-2006-3084)

  - The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration     daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in     freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute     arbitrary code via unspecified vectors. (CVE-2006-6143)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
57655	GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	1/24/2012	1/6/2021	medium
53418	CentOS 5 : krb5 (CESA-2011:0199)	Nessus	CentOS Local Security Checks	4/15/2011	1/4/2021	medium
51918	RHEL 6 : krb5 (RHSA-2011:0200)	Nessus	Red Hat Local Security Checks	2/9/2011	1/14/2021	medium
53440	FreeBSD : krb5 -- MITKRB5-SA-2011-002, KDC vulnerable to hang when using LDAP back end (4ab413ea-66ce-11e0-bf05-d445f3aa24f0)	Nessus	FreeBSD Local Security Checks	4/15/2011	1/6/2021	medium
51917	RHEL 5 : krb5 (RHSA-2011:0199)	Nessus	Red Hat Local Security Checks	2/9/2011	1/14/2021	medium
266225	NewStart CGSL MAIN 6.06 : krb5 Multiple Vulnerabilities (NS-SA-2025-0215)	Nessus	NewStart CGSL Local Security Checks	9/30/2025	10/1/2025	critical

Detections

Analytics

Plugins Search

medium

medium

medium

medium

medium

critical