krb5: fixed kdc remote denial of service ( CVE-2011-1528, CVE-2011-1529) and unauthorized file access (CVE-2011-1526)
The following issues have been fixed:
- CVE-2011-1528: In releases krb5-1.8 and later, the KDC
can crash due to an assertion failure.
- CVE-2011-1529: In releases krb5-1.8 and later, the KDC
can crash due to a null pointer dereference.
Both bugs could be triggered by unauthenticated remote
attackers. Additionally CVE-2011-1526 was fixed that
allowed authenticated users to access files via krb5 ftpd
they should not have access to.
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5303
Fixed bugs
bnc#719393
VUL-0: krb5: kdc remote denial of service
CVE#CVE-2011-1526
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overw
CVE#CVE-2011-1528
The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and dae
CVE#CVE-2011-1529
The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NU
