PT-2011-1161 · Mit+1 · Mit Kerberos 5+1

Kevin Longfellow · Published 2011-02-08 · Updated 2024-06-15 · CVE-2011-0281

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 versions 1.6.x through 1.9

Description: The issue allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) when an LDAP backend is used in the Key Distribution Center (KDC) implementation. It can be triggered by a principal name that includes a backslash escape sequence, such as a sequence. Multiple vulnerabilities in the mit-krb5 package may lead to breaches of the confidentiality, integrity, and availability of protected information, and they can be exploited remotely.

Recommendations: For versions 1.6.x through 1.9, update to a version newer than 1.9, specifically 1.9.2-r1 or later, to resolve the issue. As a temporary workaround, consider restricting the use of backslash escape sequences in principal names to minimize the risk of exploitation.
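The workaround above amounts to an admission check on principal names before they reach the KDC or its LDAP backend. The following is an added example (not code from MIT Kerberos or from this advisory) that parses the textual principal form `comp1/comp2@REALM`, honouring the backslash escapes of the usual krb5 text syntax (an assumption about the exact escape set), and rejects any name that uses an escape at all, as the advisory recommends.

```python
from dataclasses import dataclass, field

# Escape sequences accepted in the textual principal form. Assumption: this
# mirrors the common krb5 text syntax, where '\' escapes '/', '@', '\' and the
# control characters spelled n, t, b and 0.
_ESCAPES = {"/": "/", "@": "@", "\\": "\\", "n": "\n", "t": "\t", "b": "\b", "0": "\0"}


@dataclass
class Principal:
    components: list = field(default_factory=list)
    realm: str = ""
    escapes: int = 0  # number of backslash escape sequences that were decoded


def parse_principal(text: str) -> Principal:
    """Split 'a/b@REALM' into components and realm, decoding backslash escapes.

    Raises ValueError on a dangling or unknown escape and on a missing realm.
    """
    components, buf, realm_buf, escapes, i = [], [], None, 0, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\":
            nxt = text[i + 1] if i + 1 < len(text) else None
            if nxt not in _ESCAPES:
                raise ValueError(f"bad escape sequence at offset {i}")
            (realm_buf if realm_buf is not None else buf).append(_ESCAPES[nxt])
            escapes += 1
            i += 2
            continue
        if realm_buf is None and ch == "/":       # unescaped component separator
            components.append("".join(buf)); buf = []
        elif realm_buf is None and ch == "@":     # unescaped realm separator
            components.append("".join(buf)); buf = []; realm_buf = []
        else:
            (realm_buf if realm_buf is not None else buf).append(ch)
        i += 1
    if realm_buf is None:
        raise ValueError("principal has no realm")
    return Principal(components, "".join(realm_buf), escapes)


def is_acceptable(text: str) -> bool:
    """Advisory workaround as a policy: well-formed, non-empty parts, no escapes."""
    try:
        p = parse_principal(text)
    except ValueError:
        return False
    return p.escapes == 0 and all(p.components) and bool(p.realm)
```

Names that fail `is_acceptable` should be refused at the provisioning interface (for example before a kadmin `addprinc`), and the rejection is worth logging since it is also a cheap detection signal for attempts to trigger this bug.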

Fix

DoS

Found a problem in the description? Have something to add? Feel free to write to us 👾

Weakness Enumeration

Related identifiers

BDU:2015-09426
CVE-2011-0281
OPENSUSE-SU-2024:10004-1
RHSA-2011:0199
RHSA-2011:0200
RHSA-2011_0199
RHSA-2011_0200

Affected products

Mit Kerberos 5
Red Hat