CVE-2011-1527

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 versions 1.9 through 1.9.1 MIT Kerberos 5 versions prior to 1.9.2

Description The issue allows remote attackers to cause a denial of service, potentially leading to a disruption in confidentiality, integrity, and availability of protected information. This can be achieved through a kinit operation with incorrect string case for the realm. The functions is principal in realm, krb5 set error message, krb5 ldap get principal, and process as req are related to this issue.

Recommendations For versions 1.9 through 1.9.1, update to version 1.9.2 or later to resolve the issue. For versions prior to 1.9.2, update to version 1.9.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the kdb ldap plugin in the Key Distribution Center (KDC) until a patch is available.