CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
Confidence
High
EPSS
Percentile
98.1%
Nalin Dahyabhai, Andrej Ota and Kyle Moffett discovered a NULL
pointer dereference in the KDC LDAP backend. An unauthenticated
remote attacker could use this to cause a denial of service. This
issue affected Ubuntu 11.10. (CVE-2011-1527)
Mark Deneen discovered that an assert() could be triggered in the
krb5_ldap_lockout_audit() function in the KDC LDAP backend and
the krb5_db2_lockout_audit() function in the KDC DB2 backend. An
unauthenticated remote attacker could use this to cause a denial of
service. (CVE-2011-1528)
It was discovered that a NULL pointer dereference could occur in the
lookup_lockout_policy() function in the KDC LDAP and DB2 backends.
An unauthenticated remote attacker could use this to cause a denial of
service. (CVE-2011-1529)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 11.10 | noarch | krb5-kdc-ldap | < 1.9.1+dfsg-1ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | krb5-admin-server | < 1.9.1+dfsg-1ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | krb5-gss-samples | < 1.9.1+dfsg-1ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | krb5-kdc | < 1.9.1+dfsg-1ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | krb5-multidev | < 1.9.1+dfsg-1ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | krb5-pkinit | < 1.9.1+dfsg-1ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | krb5-user | < 1.9.1+dfsg-1ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | libgssapi-krb5-2 | < 1.9.1+dfsg-1ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | libgssrpc4 | < 1.9.1+dfsg-1ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | libk5crypto3 | < 1.9.1+dfsg-1ubuntu1.1 | UNKNOWN |