Lucene search

[email protected]CVE-2009-0846

HistoryApr 09, 2009 - 12:30 a.m.

CVE-2009-0846

2009-04-0900:30:00

CWE-824

[email protected]

web.nvd.nist.gov

cve-2009-0846

mit kerberos 5

krb5

asn.1

generalizedtime decoder

vulnerability

nvd

7.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.621 Medium

EPSS

Percentile

97.8%

JSON

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

CPENameOperatorVersion
mit:kerberos_5mit kerberos 5lt1.6.4
fedoraproject:fedorafedoraproject fedoraeq10
fedoraproject:fedorafedoraproject fedoraeq9
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06
apple:mac_os_xapple mac os xlt10.5.7
redhat:enterprise_linuxredhat enterprise linuxeq4.0
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq3.0

CPE	Name	Operator	Version
mit:kerberos_5	mit kerberos 5	lt	1.6.4
fedoraproject:fedora	fedoraproject fedora	eq	10
fedoraproject:fedora	fedoraproject fedora	eq	9
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06
apple:mac_os_x	apple mac os x	lt	10.5.7
redhat:enterprise_linux	redhat enterprise linux	eq	4.0
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	3.0

Rows per page:

1-10 of 181

References

lists.apple.com/archives/security-announce/2009/May/msg00002.html

lists.vmware.com/pipermail/security-announce/2009/000059.html

marc.info/?l=bugtraq&m=124896429301168&w=2

marc.info/?l=bugtraq&m=130497213107107&w=2

rhn.redhat.com/errata/RHSA-2009-0409.html

rhn.redhat.com/errata/RHSA-2009-0410.html

secunia.com/advisories/34594

secunia.com/advisories/34598

secunia.com/advisories/34617

secunia.com/advisories/34622

secunia.com/advisories/34628

secunia.com/advisories/34630

secunia.com/advisories/34637

secunia.com/advisories/34640

secunia.com/advisories/34734

secunia.com/advisories/35074

secunia.com/advisories/35667

security.gentoo.org/glsa/glsa-200904-09.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1

support.apple.com/kb/HT3549

support.avaya.com/elmodocs2/security/ASA-2009-142.htm

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html

web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt

wiki.rpath.com/Advisories:rPSA-2009-0058

wiki.rpath.com/wiki/Advisories:rPSA-2009-0058

www-01.ibm.com/support/docview.wss?uid=swg21396120

www.kb.cert.org/vuls/id/662091

www.mandriva.com/security/advisories?name=MDVSA-2009:098

www.redhat.com/support/errata/RHSA-2009-0408.html

www.securityfocus.com/archive/1/502527/100/0/threaded

www.securityfocus.com/archive/1/502546/100/0/threaded

www.securityfocus.com/archive/1/504683/100/0/threaded

www.securityfocus.com/bid/34409

www.securitytracker.com/id?1021994

www.ubuntu.com/usn/usn-755-1

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vmware.com/security/advisories/VMSA-2009-0008.html

www.vupen.com/english/advisories/2009/0960

www.vupen.com/english/advisories/2009/0976

www.vupen.com/english/advisories/2009/1057

www.vupen.com/english/advisories/2009/1106

www.vupen.com/english/advisories/2009/1297

www.vupen.com/english/advisories/2009/2084

www.vupen.com/english/advisories/2009/2248

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301

www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html

www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html

7.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.621 Medium

EPSS

Percentile

97.8%

JSON

Related for CVE-2009-0846

openvas67 debiancve1 redhat3 ubuntucve1 centos4 checkpoint_advisories2 nessus31 veracode1 securityvulns3 prion1 oraclelinux3 vmware4 fedora2 osv1 ubuntu1 suse1 debian1 gentoo1