Bugzilla – Bug 743742
VUL-1: CVE-2011-4151: krb5: krb5_db2_lockout_audit() DoS (assertion failure)
Last modified: 2019-05-01 15:59:12 UTC
CVE-2011-4151
======================================================
Name: CVE-2011-4151

The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.

Reference: CERT-VN: http://www.kb.cert.org/vuls/id/659251
Reference: XF: http://xforce.iss.net/xforce/xfdb/70891
Reference: CONFIRM: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt
The patch is already released. Only this CVE is missing in the changelog, but the fix has not changed. What should I do now?
For which distros was it fixed? In the last update, I guess?
I linked CVE-2011-4151 and CVE-2011-1527 also to 74772a873ea725240d9cf158c713b16f; they will appear on the CVE pages on the next run. No need for new submissions.
(In reply to comment #4)
[...]
> It was fixed for:
>
> oS 11.3
> oS 11.4
> os 12.1
> [...]

Stumbled across this. For the sake of completeness: 12.3 is also patched.