CVE-2011-1527

Publication date 18 October 2011

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.

Read the notes from the security team

Status

Package Ubuntu Release Status
krb5 11.10 oneiric
Fixed 1.9.1+dfsg-1ubuntu1.1
11.04 natty
Not affected
10.10 maverick
Not affected
10.04 LTS lucid
Not affected
8.04 LTS hardy
Not affected

Notes

sbeattie

CRD Tuesday, 18 October 2011, at 14:00 US/Eastern time krb5 1.9 only

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
krb5

References

Related Ubuntu Security Notices (USN)

    • USN-1233-1
    • Kerberos Vulnerabilities
    • 18 October 2011

Other references