CVE-2011-0283
published 2011-02-10CVE-2011-0283: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon…
PriorityP422medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
2.62%
83.6th percentile
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | — | — |
| mit | kerberos_5 | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
krb5: uninitialized pointer use in krb5kdc leads to KDC crash
vendor_redhat·2011-02-08·CVSS 5.0
CVE-2011-0283 [MEDIUM] krb5: uninitialized pointer use in krb5kdc leads to KDC crash
krb5: uninitialized pointer use in krb5kdc leads to KDC crash
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.
Statement: This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4, 5 or 6.
Package: krb5 (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2011-0283: krb5 - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote...
vendor_debian·2011·CVSS 5.0
CVE-2011-0283 [MEDIUM] CVE-2011-0283: krb5 - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote...
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Red Hat
kernel: possible kernel oops from user MSS
vendor_redhat·2010-11-10·CVSS 4.9
CVE-2010-4165 [MEDIUM] kernel: possible kernel oops from user MSS
kernel: possible kernel oops from user MSS
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit that introduced the issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0283.html and https://rhn.redhat.com/errata/RHSA-2011-0330.html.
GHSA
GHSA-g47g-hw4g-7x2c: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
ghsa_unreviewed·2022-05-13
CVE-2011-0283 [MEDIUM] GHSA-g47g-hw4g-7x2c: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-0283 krb5: uninitialized pointer use in krb5kdc leads to KDC crash [fedora-rawhide]
bugzilla·2011-02-08·CVSS 5.0
CVE-2011-0283 [MEDIUM] CVE-2011-0283 krb5: uninitialized pointer use in krb5kdc leads to KDC crash [fedora-rawhide]
CVE-2011-0283 krb5: uninitialized pointer use in krb5kdc leads to KDC crash [fedora-rawhide]
fedora-rawhide tracking bug for krb5: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Bugzilla
CVE-2011-0283 krb5: uninitialized pointer use in krb5kdc leads to KDC crash
bugzilla·2011-01-18·CVSS 5.0
CVE-2011-0283 [MEDIUM] CVE-2011-0283 krb5: uninitialized pointer use in krb5kdc leads to KDC crash
CVE-2011-0283 krb5: uninitialized pointer use in krb5kdc leads to KDC crash
Changes in the KDC network code in the krb5-1.9 release introduced a bug that allows a null pointer dereference, which would cause the KDC to crash. Any request packet that is sufficiently malformed that the KDC would not generate a response packet can trigger this bug.
This flaw will be addressed as part of MITKRB5-SA-2011-002. It does not affect any version of Kerberos prior to 1.9.
Discussion:
This issue is now public:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt
Statement:
This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4, 5 or 6.
---
Created krb5 tracking bugs for this issue
Affects: fedora-rawhide [bug 676126]
http://secunia.com/advisories/43260http://securityreason.com/securityalert/8073http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txthttp://www.securityfocus.com/archive/1/516299/100/0/threadedhttp://www.securityfocus.com/bid/46272http://www.securitytracker.com/id?1025037http://www.vupen.com/english/advisories/2011/0330http://secunia.com/advisories/43260http://securityreason.com/securityalert/8073http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txthttp://www.securityfocus.com/archive/1/516299/100/0/threadedhttp://www.securityfocus.com/bid/46272http://www.securitytracker.com/id?1025037http://www.vupen.com/english/advisories/2011/0330
2011-02-10
Published