Vulnerability Details : CVE-2009-0844
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.
Vulnerability category: Denial of service
Products affected by CVE-2009-0844
- cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:-:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-0844
7.97% : probability of exploitation activity in the next 30 days
EPSS Score History
~91% : percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-0844
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:P | 8.6 | 4.9 | NIST | |
CWE ids for CVE-2009-0844
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-0844
- http://secunia.com/advisories/35074
- http://www.vupen.com/english/advisories/2009/0976
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9474
- http://www.vupen.com/english/advisories/2009/1057
- http://secunia.com/advisories/34594
- http://secunia.com/advisories/34617
- http://www.vupen.com/english/advisories/2009/1106
- http://secunia.com/advisories/34640
- http://www.vupen.com/english/advisories/2009/1297
- http://www.kb.cert.org/vuls/id/662091 (CERT Vulnerability Notes Database)
- http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058
- http://security.gentoo.org/glsa/glsa-200904-09.xml (MIT Kerberos 5: Multiple vulnerabilities, GLSA 200904-09, Gentoo security)
- http://secunia.com/advisories/34630
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html
- http://www.securityfocus.com/archive/1/502526/100/0/threaded
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html
- http://www.securityfocus.com/bid/34408
- http://secunia.com/advisories/34628
- http://www.redhat.com/support/errata/RHSA-2009-0408.html
- http://secunia.com/advisories/34637
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6339
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1
- http://wiki.rpath.com/Advisories:rPSA-2009-0058
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://secunia.com/advisories/34734
- http://www.securityfocus.com/archive/1/502546/100/0/threaded
- http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm (ASA-2009-142, SUN 256728)
- http://www.vupen.com/english/advisories/2009/2248
- http://www-01.ibm.com/support/docview.wss?uid=swg21396120
- http://www.vupen.com/english/advisories/2009/0960
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html ([SECURITY] Fedora 10 Update: krb5-1.6.3-18.fc10)
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:098 (Mandriva)
- http://secunia.com/advisories/34622
- http://support.apple.com/kb/HT3549 (About the security content of Security Update 2009-002 / Mac OS X v10.5.7, Apple Support)
- http://www.securitytracker.com/id?1021867
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html ([SECURITY] Fedora 9 Update: krb5-1.6.3-16.fc9)
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html (Apple Updates for Multiple Vulnerabilities, CISA)
- http://www.ubuntu.com/usn/usn-755-1 (USN-755-1: Kerberos vulnerabilities, Ubuntu security notices)