Bug 743742 - (CVE-2011-4151) VUL-1: CVE-2011-4151: krb5: krb5_db2_lockout_audit() DoS (assertion failure)
Classification: Novell Products
Product: SUSE Security Incidents
Component: General
Priority: P4 - Low
Severity: Normal
Assigned To: Michael Calmer
Reported: 2012-01-27 08:42 UTC by Matthias Weckbecker
Modified: 2019-05-01 15:59 UTC (History)
Description Matthias Weckbecker 2012-01-27 08:42:14 UTC
Name: CVE-2011-4151
The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.

Reference: CERT-VN: http://www.kb.cert.org/vuls/id/659251
Reference: XF: http://xforce.iss.net/xforce/xfdb/70891
Reference: CONFIRM: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt
Comment 1 Michael Calmer 2012-01-27 10:00:46 UTC
The patch is already released. Only this CVE is missing in the changelog,
but the fix has not changed.

What should I do now?
Comment 3 Marcus Meissner 2012-01-27 13:22:33 UTC
For which distros was it fixed? In the last update, I guess?
Comment 5 Marcus Meissner 2012-01-27 15:09:58 UTC
I linked CVE-2011-4151 and CVE-2011-1527 also to 74772a873ea725240d9cf158c713b16f,
will appear on the CVE pages on next run.

No need for new submissions.
Comment 6 Matthias Weckbecker 2013-03-21 09:47:04 UTC
(In reply to comment #4)
> It was fixed for:
> oS 11.3
> oS 11.4
> os 12.1

Stumbled across this. For the sake of completeness: 12.3 is also patched.