Search for vulnerabilities
Vulnerability details: VCID-1k1n-jjug-aaap
Vulnerability ID VCID-1k1n-jjug-aaap
Aliases CVE-2011-1527
Summary The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2011:1379
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.03837 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.05377 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.05377 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.05377 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.08207 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.61018 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.61018 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.65654 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.65654 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.65654 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.65654 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.65654 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.65654 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.65654 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.65654 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.65654 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.65654 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.67694 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.67694 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
epss 0.70704 https://api.first.org/data/v1/epss?cve=CVE-2011-1527
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=737711
cvssv2 7.8 https://nvd.nist.gov/vuln/detail/CVE-2011-1527
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629558
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1527.json
https://api.first.org/data/v1/epss?cve=CVE-2011-1527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1527
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt
http://www.kb.cert.org/vuls/id/659251
http://www.mandriva.com/security/advisories?name=MDVSA-2011:159
http://www.redhat.com/support/errata/RHSA-2011-1379.html
646367 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367
737711 https://bugzilla.redhat.com/show_bug.cgi?id=737711
cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*
CVE-2011-1527 https://nvd.nist.gov/vuln/detail/CVE-2011-1527
GLSA-201201-13 https://security.gentoo.org/glsa/201201-13
RHSA-2011:1379 https://access.redhat.com/errata/RHSA-2011:1379
USN-1233-1 https://usn.ubuntu.com/1233-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2011-1527
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.87111
EPSS Score 0.03837
Published At April 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.