CVE-2011-1530
Published 2011-12-08
Priority: P4 · 24 · medium
CVSS 2.0: 6.8
CVSS vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
EPSS: 2.47% (82.5th percentile)
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.10+dfsg~alpha1-7 (bookworm) | krb5 1.10+dfsg~alpha1-7 (bookworm) |
| mit | krb5 | >= 0 < 1.10+dfsg~alpha1-7 | 1.10+dfsg~alpha1-7 |
| mit | mit_kerberos | — | — |
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v2.0) | 6.8 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:C |
| osv | 6.8 | MEDIUM | — |
| vendor_debian | 6.8 | MEDIUM | — |
| vendor_redhat | 6.8 | MEDIUM | — |
GHSA
GHSA-3vf4-p6xq-xxr9 · ghsa_unreviewed · 2022-05-14 · CVE-2011-1530 [MEDIUM]
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.
OSV
CVE-2011-1530 · osv · 2011-12-08 · CVSS 6.8 [MEDIUM]
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.
Ubuntu
CVE-2011-1530 Kerberos vulnerability · vendor_ubuntu · 2011-12-08
Summary: The Kerberos Key Distribution Center (KDC) could be made to crash.
Simo Sorce discovered that a NULL pointer dereference existed in the Kerberos Key Distribution Center (KDC). An authenticated remote attacker could use this to cause a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
CVE-2011-1530 [MEDIUM] CWE-476 (krb5kdc): NULL pointer dereference in the TGS handling (MITKRB5-SA-2011-007) · vendor_redhat · 2011-12-06 · CVSS 6.8
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.
Statement: Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 and 5.
Package: krb5 (Red Hat Enterprise Linux 4) - Not affected
Package: krb5 (Red Hat Enterprise Linux 5) - Not affected
Red Hat
CVE-2011-4110 [LOW] CWE-476 kernel: keys: NULL pointer deref in the user-defined key type · vendor_redhat · 2011-11-15 · CVSS 2.1
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."
Statement: This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1479.html, https://rhn.redhat.com/errata/RHSA-2011-1530.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://ac
Red Hat
CVE-2011-3347 [MEDIUM] kernel: be2net: promiscuous mode and non-member VLAN packets DoS · vendor_redhat · 2011-10-20 · CVSS 4.6
A certain Red Hat patch to the be2net implementation in the kernel package before 2.6.32-218.el6 on Red Hat Enterprise Linux (RHEL) 6, when promiscuous mode is enabled, allows remote attackers to cause a denial of service (system crash) via non-member VLAN packets.
Statement: This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1386.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for ServerEngines' 10Gbps network adapter - BladeEngine. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-1530.html. A future kernel update in Red Hat Enterprise MRG may
Red Hat
CVE-2011-3638 [MEDIUM] kernel: ext4: ext4_ext_insert_extent() kernel oops · vendor_redhat · 2011-09-28 · CVSS 4.0
fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations.
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for EXT4 filesystem. It did not affect the Linux kernel as shipped with Red Hat Enterprise MRG as it has backported the upstream commit 667eff35 that addressed this issue. This has been addressed in Red Hat Enterprise Linux 5 and 6 via https://rhn.redhat.com/errata/RHSA-2012-0107.html and https://rhn.redhat.com/errata/RHSA-2011-1530.html.
Package: kern
Red Hat
CVE-2011-1020 [MEDIUM] kernel: no access restrictions of /proc/pid/* after setuid program exec · vendor_redhat · 2011-02-07 · CVSS 4.6
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
Statement: Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via RHSA-2012:0007, RHSA-2011:1530 and RHSA-2011:1253 respectively.
Debian
CVE-2011-1530 [MEDIUM] krb5 · vendor_debian · 2011 · CVSS 6.8
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.
Scope: local
bookworm: resolved (fixed in 1.10+dfsg~alpha1-7)
bullseye: resolved (fixed in 1.10+dfsg~alpha1-7)
forky: resolved (fixed in 1.10+dfsg~alpha1-7)
sid: resolved (fixed in 1.10+dfsg~alpha1-7)
trixie: resolved (fixed in 1.10+dfsg~alpha1-7)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-1530 [MEDIUM] krb5 (krb5kdc): NULL pointer dereference in the TGS handling (MITKRB5-SA-2011-007) · bugzilla · 2011-11-14 · CVSS 6.8
A denial of service flaw was found in the way the krb5kdc daemon of the Kerberos 5 Key Distribution Center (KDC) processed certain TGS (Ticket Granting Service) requests. A remote attacker with the ability to authenticate as a principal in the KDC's realm could use this flaw to crash the krb5kdc daemon (due to a NULL pointer dereference) via a TGS-REQ request with an unknown service principal.
References:
[1] http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-007.txt (not public yet)
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1530 (not public yet)
Relevant upstream patch:
[3] http://web.mit.edu/kerberos/advisories/2011-007-patch.txt (not public yet)
Discussion:
Acknowledgements:
Red
Bugzilla
CVE-2011-4110 [LOW] kernel: keys: NULL pointer deref in the user-defined key type · bugzilla · 2011-11-04 · CVSS 2.1
A flaw was found in the way the Linux kernel handled user-defined key types. An unprivileged local user could use this flaw to crash the system.
Reference:
https://lkml.org/lkml/2011/11/15/363
Discussion:
Created attachment 531725
CVE-2011-4110 proposed patch
---
Statement:
This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1479.html, https://rhn.redhat.com/errata/RHSA-2011-1530.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https:
References:
http://secunia.com/advisories/47124
http://securitytracker.com/id?1026374
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-007.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2011:184
http://www.redhat.com/support/errata/RHSA-2011-1790.html
http://www.securityfocus.com/archive/1/520756/100/0/threaded
http://www.securityfocus.com/bid/50929
https://exchange.xforce.ibmcloud.com/vulnerabilities/71655