The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2011-02-10T17:00:00
Updated: 2024-08-06T21:51:07.754Z
Reserved: 2011-01-03T00:00:00
Link: CVE-2011-0281
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-02-10T18:00:55.237
Modified: 2024-11-21T01:23:41.997
Link: CVE-2011-0281
Redhat