The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable
to denial of service attacks from unauthenticated remote
attackers. CVE-2011-0281 and CVE-2011-0282 occur only in KDCs
using LDAP back ends, but CVE-2011-0283 occurs in all krb5-1.9
KDCs.

Exploit code is not known to exist, but the vulnerabilities are
easy to trigger manually. The trigger for CVE-2011-0281 has
already been disclosed publicly, but that fact might not be
obvious to casual readers of the message in which it was
disclosed. The triggers for CVE-2011-0282 and CVE-2011-0283
have not yet been disclosed publicly, but they are also
trivial.

CVE-2011-0281: An unauthenticated remote attacker can cause a KDC
configured with an LDAP back end to become completely unresponsive
until restarted.

CVE-2011-0282: An unauthenticated remote attacker can cause a KDC
configured with an LDAP back end to crash with a null pointer
dereference.

CVE-2011-0283: An unauthenticated remote attacker can cause a
krb5-1.9 KDC with any back end to crash with a null pointer
dereference.