10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.621 Medium
EPSS
Percentile
97.8%
a. Service Console package krb5 updateKerberos is a network authentication protocol. It is designed toprovide strong authentication for client/server applications byusing secret-key cryptography.An input validation flaw in the asn1_decode_generaltime function inMIT Kerberos 5 before 1.6.4 allows remote attackers to cause adenial of service or possibly execute arbitrary code via vectorsinvolving an invalid DER encoding that triggers a free of anuninitialized pointer.A remote attacker could use this flaw to crash a network serviceusing the MIT Kerberos library, such as kadmind or krb5kdc, bycausing it to dereference or free an uninitialized pointer or,possibly, execute arbitrary code with the privileges of the userrunning the service.NOTE: ESX by default is unaffected by this issue, the daemonskadmind and krb5kdc are not installed in ESX.The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2009-0846 to this issue.In addition the ESX 4.0 Service Console krb5 package was alsoupdated for CVE-2009-0845, and CVE-2009-0844 and RHBA-2009-0135.MIT Kerberos versions 5 1.5 through 1.6.3 might allow remoteattackers to cause a denial of service by using invalidContextFlags data in the reqFlags field in a negTokenInit token.The Common Vulnerabilities and Exposures Project (cve.mitre.org)has assigned the name CVE-2009-0845 to this issue.MIT Kerberos 5 before version 1.6.4 might allow remote attackers tocause a denial of service or possibly execute arbitrary code byusing vectors involving an invalid DER encoding that triggers afree of an uninitialized pointer.The Common Vulnerabilities and Exposures Project (cve.mitre.org)has assigned the name CVE-2009-0846 to this issue.For ESX 4.0, 3.5, 3.0.3 the Service Console package pam_krb5 hasalso been upgraded. For details on the non-security issues thatthis upgrade addresses, refer to the respective KB article listedin section 4 below.The following table lists what action remediates the vulnerability(column 4) if a solution is available.
CPE | Name | Operator | Version |
---|---|---|---|
esx | lt | ESX400-200906405-SG | |
esx | lt | ESX350-200906407-SG | |
esx | lt | ESX303-200906403-SG |