CVE-2009-0846

Published: 09/04/2009 Updated: 21/01/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) prior to 1.6.4 allows remote malicious users to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

Vulnerable Product

mit kerberos 5-1.6.3

mit kerberos 5 -

mit kerberos 5 1.0

mit kerberos 5 1.0.6

mit kerberos 5 1.1

mit kerberos 5 1.1.1

mit kerberos 5 1.2

mit kerberos 5 1.2.1

mit kerberos 5 1.2.2

mit kerberos 5 1.2.3

mit kerberos 5 1.2.4

mit kerberos 5 1.2.5

mit kerberos 5 1.2.6

mit kerberos 5 1.2.7

mit kerberos 5 1.2.8

mit kerberos 5 1.3

mit kerberos 5 1.3.1

mit kerberos 5 1.3.2

mit kerberos 5 1.3.3

mit kerberos 5 1.3.4

mit kerberos 5 1.3.5

mit kerberos 5 1.3.6

mit kerberos 5 1.4

mit kerberos 5 1.4.1

mit kerberos 5 1.4.2

mit kerberos 5 1.4.3

mit kerberos 5 1.4.4

mit kerberos 5 1.5

mit kerberos 5 1.5.1

mit kerberos 5 1.5.2

mit kerberos 5 1.5.3

mit kerberos 5 1.6

mit kerberos 5 1.6.1

mit kerberos 5 1.6.2

Vendor Advisories

Synopsis: Critical: krb5 security update. Type/Severity: Security Advisory: Critical. Topic: Updated krb5 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Descrip ...
Synopsis: Important: krb5 security update. Type/Severity: Security Advisory: Important. Topic: Updated krb5 packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Description ...
Synopsis: Important: krb5 security update. Type/Severity: Security Advisory: Important. Topic: Updated krb5 packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Descr ...
Multiple flaws were discovered in the Kerberos GSS-API and ASN.1 routines that did not correctly handle certain requests. An unauthenticated remote attacker could send specially crafted traffic to crash services using the Kerberos library, leading to a denial of service ...
Several vulnerabilities have been found in the MIT reference implementation of Kerberos V5, a system for authenticating users and services on a network. The Common Vulnerabilities and Exposures project identified the following problems: CVE-2009-0844: The Apple Product Security team discovered that the SPNEGO GSS-API mechanism suffers of a missing ...
VMware ESX 400 without bulletin ESX400-200906405-SG ...

References

CWE-20

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.vmware.com/pipermail/security-announce/2009/000059.html
http://marc.info/?l=bugtraq&m=124896429301168&w=2
http://marc.info/?l=bugtraq&m=130497213107107&w=2
http://rhn.redhat.com/errata/RHSA-2009-0409.html
http://rhn.redhat.com/errata/RHSA-2009-0410.html
http://secunia.com/advisories/34594
http://secunia.com/advisories/34598
http://secunia.com/advisories/34617
http://secunia.com/advisories/34622
http://secunia.com/advisories/34628
http://secunia.com/advisories/34630
http://secunia.com/advisories/34637
http://secunia.com/advisories/34640
http://secunia.com/advisories/34734
http://secunia.com/advisories/35074
http://secunia.com/advisories/35667
http://security.gentoo.org/glsa/glsa-200904-09.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1
http://support.apple.com/kb/HT3549
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt
http://wiki.rpath.com/Advisories:rPSA-2009-0058
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058
http://www.kb.cert.org/vuls/id/662091
http://www.mandriva.com/security/advisories?name=MDVSA-2009:098
http://www.redhat.com/support/errata/RHSA-2009-0408.html
http://www.securityfocus.com/archive/1/502527/100/0/threaded
http://www.securityfocus.com/archive/1/502546/100/0/threaded
http://www.securityfocus.com/archive/1/504683/100/0/threaded
http://www.securityfocus.com/bid/34409
http://www.securitytracker.com/id?1021994
http://www.ubuntu.com/usn/usn-755-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vmware.com/security/advisories/VMSA-2009-0008.html
http://www.vupen.com/english/advisories/2009/0960
http://www.vupen.com/english/advisories/2009/0976
http://www.vupen.com/english/advisories/2009/1057
http://www.vupen.com/english/advisories/2009/1106
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/2084
http://www.vupen.com/english/advisories/2009/2248
http://www-01.ibm.com/support/docview.wss?uid=swg21396120
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html
https://access.redhat.com/errata/RHSA-2009:0410
https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-0846
https://nvd.nist.gov
https://usn.ubuntu.com/755-1/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-0410