The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-02-10T17:00:00

Updated: 2024-08-06T21:51:07.754Z

Reserved: 2011-01-03T00:00:00

Link: CVE-2011-0281

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-02-10T18:00:55.237

Modified: 2020-01-21T15:46:10.500

Link: CVE-2011-0281

cve-icon Redhat

Severity : Important

Publid Date: 2011-02-08T00:00:00Z

Links: CVE-2011-0281 - Bugzilla