CVSS: 7.5EPSS: 11%CPEs: 11EXPL: 0CVE-2011-0281 – krb5: KDC hang when using LDAP backend caused by special principal name (MITKRB5-SA-2011-002)
https://notcve.org/view.php?id=CVE-2011-0281
10 Feb 2011 — The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence. La implementación unparse en el Key Distribution Center (KDC) de MIT Kerberos v5 (también conocido como krb5) v1.6.x a v1.9, cuando se usa un backend LDAP, permite a a... • http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 10%CPEs: 11EXPL: 0CVE-2011-0282 – krb5: KDC crash when using LDAP backend caused by a special principal name (MITKRB5-SA-2011-002)
https://notcve.org/view.php?id=CVE-2011-0282
10 Feb 2011 — The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name. El Key Distribution Center (KDC) en MIT Kerberos 5 (también conocido como krb5) v1.6.x hasta v1.9 cuando un se utiliza un backend LDAP, permite a atacantes remotos provocar una denegación de servicio (desreferencia a puntero nulo o sobre-lectura, y caí... • http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html •
CVSS: 7.5EPSS: 8%CPEs: 3EXPL: 0CVE-2010-4022 – krb5: kpropd unexpected termination on invalid input (MITKRB5-SA-2011-001)
https://notcve.org/view.php?id=CVE-2010-4022
10 Feb 2011 — The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors. La función do_standalone en MIT krb5 KDC del demonio de propagación de la base de datos (kpropd) en Kerberos v1.7, v1.8 y... • http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html • CWE-20: Improper Input Validation •