Bugzilla – Bug 743742
VUL-1: CVE-2011-4151: krb5: krb5_db2_lockout_audit() DoS (assertion failure)
Last modified: 2019-05-01 15:59:12 UTC
The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.
Reference: CERT-VN: http://www.kb.cert.org/vuls/id/659251
Reference: XF: http://xforce.iss.net/xforce/xfdb/70891
Reference: CONFIRM: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt
The patch is already released. Only this CVE is missing in the changelog,
but the fix has not changed.
What should I do now?
For which distros was it fixed? In the last update, I guess?
I linked CVE-2011-4151 and CVE-2011-1527 also to 74772a873ea725240d9cf158c713b16f,
will appear on the CVE pages on next run.
No need for new submissions.
(In reply to comment #4)
> It was fixed for:
> oS 11.3
> oS 11.4
> oS 12.1
Stumbled across this. For the sake of completeness: 12.3 is also patched.