CVE-2011-1527: Input Validation
First published: Thu Oct 20 2011(Updated: )
The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MIT Kerberos 5 | =1.9 | |
| MIT Kerberos 5 | =1.9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-1527?
CVE-2011-1527 has a critical severity as it allows remote attackers to cause a denial of service.
How do I fix CVE-2011-1527?
To fix CVE-2011-1527, it is recommended to upgrade to a patched version of MIT Kerberos 5 that addresses this vulnerability.
In which versions of MIT Kerberos 5 does CVE-2011-1527 exist?
CVE-2011-1527 exists in MIT Kerberos 5 versions 1.9 and 1.9.1.
What impact does CVE-2011-1527 have on systems?
The impact of CVE-2011-1527 is a potential denial of service, leading to crashes of the KDC daemon.
Who are the potential attackers for CVE-2011-1527?
Remote attackers who can perform kinit operations can exploit CVE-2011-1527.
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/tags
- agent/source
- vendor/mit
- canonical/mit kerberos 5
- version/mit kerberos 5/1.9
- version/mit kerberos 5/1.9.1