CVE-2009-4212

Published: 13/01/2010 Updated: 21/01/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 up to and including 1.6.3, and 1.7 prior to 1.7.1, allow remote malicious users to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.

Vulnerable Product

mit kerberos 5 1.3.3

mit kerberos 5 1.3.4

mit kerberos 5 1.4.4

mit kerberos 5 1.5

mit kerberos 5 1.7

mit kerberos 5 1.3.5

mit kerberos 5 1.3.6

mit kerberos 5 1.5.1

mit kerberos 5 1.5.2

mit kerberos 5 1.3.1

mit kerberos 5 1.3.2

mit kerberos 5 1.4.2

mit kerberos 5 1.4.3

mit kerberos 5 1.6.2

mit kerberos 5-1.6.3

mit kerberos 5 1.3

mit kerberos 5 1.4

mit kerberos 5 1.4.1

mit kerberos 5 1.5.3

mit kerberos 5 1.6

mit kerberos 5 1.6.1

Vendor Advisories

Synopsis: Critical: krb5 security update. Type/Severity: Security Advisory: Critical. Topic: Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat Enterprise Linux 4.7, 5.2, and 5.3 Extended Update Support. This update has been rated as havin ...

It was discovered that Kerberos did not correctly handle invalid AES blocks. An unauthenticated remote attacker could send specially crafted traffic that would crash the KDC service, leading to a denial of service, or possibly execute arbitrary code with root privileges ...

It was discovered that krb5, a system for authenticating users and services on a network, is prone to integer underflow in the AES and RC4 decryption operations of the crypto library. A remote attacker can cause crashes, heap corruption, or, under extraordinarily unlikely conditions, arbitrary code execution. For the old stable distribution (etch), ...

References

CWE-189
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt
https://rhn.redhat.com/errata/RHSA-2010-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=545015
http://www.vupen.com/english/advisories/2010/0129
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html
http://secunia.com/advisories/38140
http://www.mandriva.com/security/advisories?name=MDVSA-2010:006
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1
http://secunia.com/advisories/38203
http://www.debian.org/security/2010/dsa-1969
http://secunia.com/advisories/38108
http://secunia.com/advisories/38184
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://support.avaya.com/css/P8/documents/100074869
http://secunia.com/advisories/38696
http://www.securitytracker.com/id?1023440
http://www.securityfocus.com/bid/37749
http://secunia.com/advisories/38080
http://ubuntu.com/usn/usn-881-1
http://www.vupen.com/english/advisories/2010/0096
http://secunia.com/advisories/38126
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1
http://www.vupen.com/english/advisories/2010/1481
http://support.apple.com/kb/HT4188
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
http://secunia.com/advisories/40220
http://marc.info/?l=bugtraq&m=130497213107107&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272
https://access.redhat.com/errata/RHSA-2010:0029
https://usn.ubuntu.com/881-1/
https://nvd.nist.gov