Lucene search

[email protected]CVE-2009-0847

HistoryApr 09, 2009 - 12:30 a.m.

CVE-2009-0847

2009-04-0900:30:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2009-0847

mit kerberos 5

asn.1 decoder

denial of service

remote attackers

crafted length value

6.1 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.056 Low

EPSS

Percentile

93.2%

JSON

The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.

CPENameOperatorVersion
mit:kerberosmit kerberoseq5-1.6.3

CPE	Name	Operator	Version
mit:kerberos	mit kerberos	eq	5-1.6.3

References

lists.apple.com/archives/security-announce/2009/May/msg00002.html

marc.info/?l=bugtraq&m=124896429301168&w=2

secunia.com/advisories/34594

secunia.com/advisories/34617

secunia.com/advisories/34622

secunia.com/advisories/34628

secunia.com/advisories/34637

secunia.com/advisories/34640

secunia.com/advisories/34734

secunia.com/advisories/35074

security.gentoo.org/glsa/glsa-200904-09.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1

support.apple.com/kb/HT3549

support.avaya.com/elmodocs2/security/ASA-2009-142.htm

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html

web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt

wiki.rpath.com/Advisories:rPSA-2009-0058

wiki.rpath.com/wiki/Advisories:rPSA-2009-0058

www-01.ibm.com/support/docview.wss?uid=swg21396120

www.kb.cert.org/vuls/id/662091

www.mandriva.com/security/advisories?name=MDVSA-2009:098

www.securityfocus.com/archive/1/502526/100/0/threaded

www.securityfocus.com/archive/1/502546/100/0/threaded

www.securityfocus.com/bid/34408

www.securitytracker.com/id?1021993

www.ubuntu.com/usn/usn-755-1

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vupen.com/english/advisories/2009/0960

www.vupen.com/english/advisories/2009/0976

www.vupen.com/english/advisories/2009/1057

www.vupen.com/english/advisories/2009/1106

www.vupen.com/english/advisories/2009/1297

www.vupen.com/english/advisories/2009/2084

www.vupen.com/english/advisories/2009/2248

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6387

www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html

www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html

6.1 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.056 Low

EPSS

Percentile

93.2%

JSON

Related for CVE-2009-0847

ubuntucve1 prion1 debiancve1 openvas45 oraclelinux3 nessus25 seebug1 securityvulns3 fedora2 ubuntu1 osv1 suse1 debian1 gentoo1