Debian Security Advisory
DSA-2379-1 krb5 -- several vulnerabilities
- Date Reported:
- 04 Jan 2012
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-1528, CVE-2011-1529.
- More information:
It was discovered that the Key Distribution Center (KDC) in Kerberos 5 crashes when processing certain crafted requests:
When the LDAP backend is used, remote users can trigger a KDC daemon crash and denial of service.
When the LDAP or Berkeley DB backend is used, remote users can trigger a NULL pointer dereference in the KDC daemon and a denial of service.
The oldstable distribution (lenny) is not affected by these problems.
For the stable distribution (squeeze), these problems have been fixed in version 1.8.3+dfsg-4squeeze5.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1.10+dfsg~alpha1-1.
We recommend that you upgrade your krb5 packages.