Vulnerability Details: CVE-2009-0846
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
Vulnerability category: Execute code; Denial of service
Products affected by CVE-2009-0846
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-0846
- EPSS score: 62.53% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~98% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2009-0846
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | 
CWE ids for CVE-2009-0846
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. (Assigned by: nvd@nist.gov, Primary)
- The product accesses or uses a pointer that has not been initialized. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2009-0846
- http://secunia.com/advisories/35074 [Broken Link]
- http://www.vupen.com/english/advisories/2009/0976 [Broken Link]
- http://www.vupen.com/english/advisories/2009/1057 [Broken Link]
- http://marc.info/?l=bugtraq&m=124896429301168&w=2 - "[security bulletin] HPSBUX02421 SSRT090047 rev.1 - HP-UX Running Kerberos, Remote Denial of Service" (MARC) [Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2009-0409.html - RHSA-2009:0409 Security Advisory (Red Hat Customer Portal) [Third Party Advisory]
- http://secunia.com/advisories/34594 [Broken Link]
- http://secunia.com/advisories/34617 [Broken Link]
- http://rhn.redhat.com/errata/RHSA-2009-0410.html - RHSA-2009:0410 Security Advisory (Red Hat Customer Portal) [Third Party Advisory]
- http://www.vupen.com/english/advisories/2009/1106 [Broken Link]
- http://secunia.com/advisories/34640 [Broken Link]
- http://www.vupen.com/english/advisories/2009/1297 [Broken Link]
- http://www.kb.cert.org/vuls/id/662091 - CERT Vulnerability Notes Database [Broken Link; Third Party Advisory; US Government Resource]
- http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058 [Broken Link]
- http://security.gentoo.org/glsa/glsa-200904-09.xml - MIT Kerberos 5: Multiple vulnerabilities (GLSA 200904-09), Gentoo security [Third Party Advisory]
- http://secunia.com/advisories/34630 [Broken Link]
- http://www.securityfocus.com/bid/34409 [Broken Link; Third Party Advisory; VDB Entry]
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html [Broken Link]
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html [Broken Link]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483 [Broken Link]
- http://secunia.com/advisories/34628 [Broken Link]
- http://www.redhat.com/support/errata/RHSA-2009-0408.html [Broken Link]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694 [Broken Link]
- http://secunia.com/advisories/34637 [Broken Link]
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt [Patch; Vendor Advisory]
- http://marc.info/?l=bugtraq&m=130497213107107&w=2 - "[security bulletin] HPSBOV02682 SSRT100495 rev.1 - HP OpenVMS running Kerberos, Remote Denial of Ser" (MARC) [Third Party Advisory]
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1 [Broken Link]
- http://wiki.rpath.com/Advisories:rPSA-2009-0058 [Broken Link]
- http://secunia.com/advisories/34598 [Broken Link]
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html [Mailing List]
- http://secunia.com/advisories/34734 [Broken Link]
- http://www.securityfocus.com/archive/1/502546/100/0/threaded [Broken Link; Third Party Advisory; VDB Entry]
- http://www.securityfocus.com/archive/1/504683/100/0/threaded [Broken Link; Third Party Advisory; VDB Entry]
- http://www.vmware.com/security/advisories/VMSA-2009-0008.html - VMSA-2009-0008.2 [Third Party Advisory]
- http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm - ASA-2009-142 (SUN 256728) [Third Party Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301 [Broken Link]
- http://www.vupen.com/english/advisories/2009/2248 [Broken Link]
- http://www-01.ibm.com/support/docview.wss?uid=swg21396120 [Broken Link]
- http://www.securityfocus.com/archive/1/502527/100/0/threaded [Broken Link; Third Party Advisory; VDB Entry]
- http://www.vupen.com/english/advisories/2009/0960 [Broken Link]
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html - [SECURITY] Fedora 10 Update: krb5-1.6.3-18.fc10 [Mailing List]
- http://lists.vmware.com/pipermail/security-announce/2009/000059.html [Broken Link]
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:098 - Mandriva [Broken Link]
- http://secunia.com/advisories/34622 [Broken Link]
- http://support.apple.com/kb/HT3549 - About the security content of Security Update 2009-002 / Mac OS X v10.5.7 (Apple Support) [Third Party Advisory]
- http://www.vupen.com/english/advisories/2009/2084 [Broken Link]
- http://www.securitytracker.com/id?1021994 [Broken Link; Third Party Advisory; VDB Entry]
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html - [SECURITY] Fedora 9 Update: krb5-1.6.3-16.fc9 [Mailing List]
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html - Apple Updates for Multiple Vulnerabilities (CISA) [Third Party Advisory; US Government Resource]
- http://www.ubuntu.com/usn/usn-755-1 - USN-755-1: Kerberos vulnerabilities (Ubuntu security notices) [Third Party Advisory]
- http://secunia.com/advisories/35667 [Broken Link]