Published: 27/03/2009 Updated: 21/01/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 up to and including 1.6.3, when SPNEGO is used, allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mit kerberos 5 1.5.2
mit kerberos 5 1.5.1
mit kerberos 5 1.5
mit kerberos 5 1.6.2
mit kerberos 5 1.6.1
mit kerberos 5 1.6
mit kerberos 5 1.5.3
mit kerberos 5-1.6.3

Synopsis Important: krb5 security update Type/Severity Security Advisory: Important Topic Updated krb5 packages that fix various security issues are now availablefor Red Hat Enterprise Linux 5This update has been rated as having important security impact by the RedHat Security Response Team Descr ...

Multiple flaws were discovered in the Kerberos GSS-API and ASN1 routines that did not correctly handle certain requests An unauthenticated remote attacker could send specially crafted traffic to crash services using the Kerberos library, leading to a denial of service ...

Several vulnerabilities have been found in the MIT reference implementation of Kerberos V5, a system for authenticating users and services on a network The Common Vulnerabilities and Exposures project identified the following problems: CVE-2009-0844 The Apple Product Security team discovered that the SPNEGO GSS-API mechanism suffers of a missing ...

CWE-20 http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875&r2=22084 http://www.securityfocus.com/bid/34257 http://secunia.com/advisories/34347 http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402 http://www.vupen.com/english/advisories/2009/0847 http://src.mit.edu/fisheye/changelog/krb5/?cs=22084 http://www.mandriva.com/security/advisories?name=MDVSA-2009:082 http://www.kb.cert.org/vuls/id/662091 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt http://www.ubuntu.com/usn/usn-755-1 http://wiki.rpath.com/Advisories:rPSA-2009-0058 http://security.gentoo.org/glsa/glsa-200904-09.xml http://www.vupen.com/english/advisories/2009/0976 http://www.securitytracker.com/id?1021867 http://secunia.com/advisories/34640 http://secunia.com/advisories/34617 http://secunia.com/advisories/34594 http://secunia.com/advisories/34637 http://secunia.com/advisories/34622 http://secunia.com/advisories/34630 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html http://www.redhat.com/support/errata/RHSA-2009-0408.html http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058 http://secunia.com/advisories/34628 http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1 http://www.vupen.com/english/advisories/2009/1106 http://www.vupen.com/english/advisories/2009/1057 http://secunia.com/advisories/34734 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html http://www.vupen.com/english/advisories/2009/1297 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www-01.ibm.com/support/docview.wss?uid=swg21396120 http://www.vupen.com/english/advisories/2009/2248 https://exchange.xforce.ibmcloud.com/vulnerabilities/49448 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6449 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10044 http://www.securityfocus.com/archive/1/502546/100/0/threaded http://www.securityfocus.com/archive/1/502526/100/0/threaded https://access.redhat.com/errata/RHSA-2009:0408 https://usn.ubuntu.com/755-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-0845

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect