Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:4961
HistoryMar 28, 2009 - 12:00 a.m.

MIT Kerberos NegTokenInit令牌处理远程拒绝服务漏洞

2009-03-2800:00:00
Root
www.seebug.org
12

0.052 Low

EPSS

Percentile

92.2%

JSON

BUGTRAQ ID: 34257
CVE(CAN) ID: CVE-2009-0845

Kerberos是一款广泛使用的使用强壮的加密来验证客户端和服务器端的网络协议。MIT Kerberos 5是一种常用的开源Kerberos实现。

Kerberos 5的src/lib/gssapi/spnego/spnego_mech.c文件中的spnego_gss_accept_sec_context() 函数存在空指针引用错误,如果远程攻击者在认证过程中发送了带有特制ContextFlags标记的NegTokenInit令牌就可以触发这个漏洞,导致守护程序崩溃。

MIT Kerberos 5 1.6.3
厂商补丁:

MIT

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875&amp;r2=22084” target=“_blank”>http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875&amp;r2=22084</a>

Related

nessus 27
veracode 1
debiancve 1
securityvulns 6
openvas 53
prion 1
cve 1
ubuntucve 1
vmware 4
centos 1
redhat 1
suse 1
debian 1
ubuntu 1
fedora 2
osv 1
oraclelinux 1
gentoo 1
nessus
nessus
Mandriva Linux Security Advisory : krb5 (MDVSA-2009:082)
2009-04-23 00:00:00
VMSA-2009-0008 : ESX Service Console update for krb5
2009-07-27 00:00:00
VMware ESX Multiple Vulnerabilities (VMSA-2009-0008) (remote check)
2016-03-03 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:37:21
debiancve
debiancve
CVE-2009-0845
2009-03-27 16:30:00
securityvulns
securityvulns
[ MDVSA-2009:082 ] krb5
2009-04-01 00:00:00
MIT Kerberos 5 DoS
2009-04-01 00:00:00
MITKRB5-SA-2010-002 denial of service in SPNEGO [CVE-2010-0628 VU#839413]
2010-03-25 00:00:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:082 (krb5)
2009-04-06 00:00:00
Mandrake Security Advisory MDVSA-2009:082 (krb5)
2009-04-06 00:00:00
RedHat Security Advisory RHSA-2009:0408
2009-04-15 00:00:00
prion
prion
Null pointer dereference
2009-03-27 16:30:00
cve
cve
CVE-2009-0845
2009-03-27 16:30:00
ubuntucve
ubuntucve
CVE-2009-0845
2009-03-27 00:00:00
vmware
vmware
ESX Service Console update for krb5
2009-06-30 00:00:00
ESX Service Console update for krb5
2009-06-30 00:00:00
VMware ESXi and ESX third party updates for Service Console and Likewise components
2010-11-15 00:00:00
centos
centos
krb5 security update
2009-04-08 12:00:24
redhat
redhat
(RHSA-2009:0408) Important: krb5 security update
2009-04-07 00:00:00
suse
suse
remote code execution in krb5
2009-04-08 16:25:40
debian
debian
[SECURITY] [DSA 1766-1] New krb5 packages fix several vulnerabilities
2009-04-09 01:33:24
ubuntu
ubuntu
Kerberos vulnerabilities
2009-04-07 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: krb5-1.6.3-16.fc9
2009-04-07 23:23:58
[SECURITY] Fedora 10 Update: krb5-1.6.3-18.fc10
2009-04-07 23:24:17
osv
osv
krb5 - several vulnerabilities
2009-04-09 00:00:00
oraclelinux
oraclelinux
krb5 security update
2009-04-07 00:00:00
gentoo
gentoo
MIT Kerberos 5: Multiple vulnerabilities
2009-04-08 00:00:00

0.052 Low

EPSS

Percentile

92.2%

JSON
Related for SSV:4961
nessus27veracode1debiancve1securityvulns6openvas53prion1cve1ubuntucve1vmware4centos1redhat1suse1debian1ubuntu1fedora2osv1oraclelinux1gentoo1