CVE-2009-0846 - Vulnerability Details

CVE-2009-0846 - krb5: ASN.1 decoder can free uninitialized pointer when decoding an invalid encoding (MITKRB5-SA-2009-002)

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X
Canonical	Ubuntu Linux
Fedoraproject	Fedora
Mit	Kerberos 5
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server Enterprise Linux Workstation

Configuration 1 [-]

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:9:::::::*
	cpe:2.3:o:fedoraproject:fedora:10:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*

Configuration 4 [-]

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:4.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:2.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:3.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
krb5-0:1.2.2-49	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2009:0410	2009-04-07T00:00:00Z
Red Hat Enterprise Linux 3
krb5-0:1.2.7-70	cpe:/o:redhat:enterprise_linux:3	RHSA-2009:0410	2009-04-07T00:00:00Z
Red Hat Enterprise Linux 4
krb5-0:1.3.4-60.el4_7.2	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:0409	2009-04-07T00:00:00Z
Red Hat Enterprise Linux 5
krb5-0:1.6.1-31.el5_3.3	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:0408	2009-04-07T00:00:00Z

References

Link	Providers
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.vmware.com/pipermail/security-announce/2009/000059.html
http://marc.info/?l=bugtraq&m=124896429301168&w=2
http://marc.info/?l=bugtraq&m=130497213107107&w=2
http://rhn.redhat.com/errata/RHSA-2009-0409.html
http://rhn.redhat.com/errata/RHSA-2009-0410.html
http://secunia.com/advisories/34594
http://secunia.com/advisories/34598
http://secunia.com/advisories/34617
http://secunia.com/advisories/34622
http://secunia.com/advisories/34628
http://secunia.com/advisories/34630
http://secunia.com/advisories/34637
http://secunia.com/advisories/34640
http://secunia.com/advisories/34734
http://secunia.com/advisories/35074
http://secunia.com/advisories/35667
http://security.gentoo.org/glsa/glsa-200904-09.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1
http://support.apple.com/kb/HT3549
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt
http://wiki.rpath.com/Advisories:rPSA-2009-0058
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058
http://www-01.ibm.com/support/docview.wss?uid=swg21396120
http://www.kb.cert.org/vuls/id/662091
http://www.mandriva.com/security/advisories?name=MDVSA-2009:098
http://www.redhat.com/support/errata/RHSA-2009-0408.html
http://www.securityfocus.com/archive/1/502527/100/0/threaded
http://www.securityfocus.com/archive/1/502546/100/0/threaded
http://www.securityfocus.com/archive/1/504683/100/0/threaded
http://www.securityfocus.com/bid/34409
http://www.securitytracker.com/id?1021994
http://www.ubuntu.com/usn/usn-755-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vmware.com/security/advisories/VMSA-2009-0008.html
http://www.vupen.com/english/advisories/2009/0960
http://www.vupen.com/english/advisories/2009/0976
http://www.vupen.com/english/advisories/2009/1057
http://www.vupen.com/english/advisories/2009/1106
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/2084
http://www.vupen.com/english/advisories/2009/2248
https://nvd.nist.gov/vuln/detail/CVE-2009-0846
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301
https://www.cve.org/CVERecord?id=CVE-2009-0846
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-04-09T00:00:00

Updated: 2024-08-07T04:48:52.498Z

Reserved: 2009-03-06T00:00:00

Link: CVE-2009-0846

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-04-09T00:30:00.267

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-0846

Redhat

Severity : Critical

Publid Date: 2009-04-07T00:00:00Z

Links: CVE-2009-0846 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-04-07T00:00:00", "descriptions": [{"lang": "en", "value": "The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20090701 VMSA-2009-0008 ESX Service Console update for krb5", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/504683/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"}, {"name": "oval:org.mitre.oval:def:6301", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301"}, {"name": "MDVSA-2009:098", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"}, {"name": "VU#662091", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/662091"}, {"name": "20090407 MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/502527/100/0/threaded"}, {"name": "ADV-2009-0960", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0960"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3549"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"}, {"name": "35667", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35667"}, {"name": "RHSA-2009:0408", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0008.html"}, {"name": "34637", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34637"}, {"name": "SSRT100495", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "ADV-2009-2084", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2084"}, {"name": "oval:org.mitre.oval:def:10694", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694"}, {"name": "34640", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34640"}, {"name": "35074", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35074"}, {"name": "256728", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"}, {"name": "GLSA-200904-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"}, {"tags": ["x_refsource_MISC"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"}, {"name": "ADV-2009-0976", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0976"}, {"name": "APPLE-SA-2009-05-12", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"name": "USN-755-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-755-1"}, {"name": "34630", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34630"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"}, {"name": "oval:org.mitre.oval:def:5483", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483"}, {"name": "ADV-2009-1057", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1057"}, {"name": "34617", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34617"}, {"name": "34628", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34628"}, {"name": "34734", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34734"}, {"name": "ADV-2009-2248", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2248"}, {"name": "TA09-133A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"tags": ["x_refsource_MISC"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"}, {"name": "34598", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34598"}, {"name": "RHSA-2009:0409", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2009-0409.html"}, {"name": "ADV-2009-1297", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"name": "34622", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34622"}, {"name": "1021994", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021994"}, {"name": "FEDORA-2009-2852", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"}, {"name": "FEDORA-2009-2834", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"}, {"name": "RHSA-2009:0410", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2009-0410.html"}, {"name": "[security-announce] 20090701 VMSA-2009-0008 ESX Service Console update for krb5", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2009/000059.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"}, {"name": "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt"}, {"name": "HPSBOV02682", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "34594", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34594"}, {"name": "ADV-2009-1106", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1106"}, {"name": "HPSBUX02421", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=124896429301168&w=2"}, {"name": "34409", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34409"}, {"name": "SSRT090047", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=124896429301168&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0846", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20090701 VMSA-2009-0008 ESX Service Console update for krb5", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/504683/100/0/threaded"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html", "refsource": "MISC", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"}, {"name": "oval:org.mitre.oval:def:6301", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301"}, {"name": "MDVSA-2009:098", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"}, {"name": "VU#662091", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/662091"}, {"name": "20090407 MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/502527/100/0/threaded"}, {"name": "ADV-2009-0960", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0960"}, {"name": "http://support.apple.com/kb/HT3549", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3549"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"}, {"name": "35667", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35667"}, {"name": "RHSA-2009:0408", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2009-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0008.html"}, {"name": "34637", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34637"}, {"name": "SSRT100495", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "ADV-2009-2084", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2084"}, {"name": "oval:org.mitre.oval:def:10694", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694"}, {"name": "34640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34640"}, {"name": "35074", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35074"}, {"name": "256728", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"}, {"name": "GLSA-200904-09", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html", "refsource": "MISC", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"}, {"name": "ADV-2009-0976", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0976"}, {"name": "APPLE-SA-2009-05-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"name": "USN-755-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-755-1"}, {"name": "34630", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34630"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"}, {"name": "oval:org.mitre.oval:def:5483", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483"}, {"name": "ADV-2009-1057", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1057"}, {"name": "34617", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34617"}, {"name": "34628", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34628"}, {"name": "34734", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34734"}, {"name": "ADV-2009-2248", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2248"}, {"name": "TA09-133A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058", "refsource": "MISC", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"}, {"name": "34598", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34598"}, {"name": "RHSA-2009:0409", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2009-0409.html"}, {"name": "ADV-2009-1297", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"name": "34622", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34622"}, {"name": "1021994", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021994"}, {"name": "FEDORA-2009-2852", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"}, {"name": "FEDORA-2009-2834", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"}, {"name": "RHSA-2009:0410", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2009-0410.html"}, {"name": "[security-announce] 20090701 VMSA-2009-0008 ESX Service Console update for krb5", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2009/000059.html"}, {"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0058", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"}, {"name": "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"}, {"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt", "refsource": "CONFIRM", "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt"}, {"name": "HPSBOV02682", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "34594", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34594"}, {"name": "ADV-2009-1106", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1106"}, {"name": "HPSBUX02421", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=124896429301168&w=2"}, {"name": "34409", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34409"}, {"name": "SSRT090047", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=124896429301168&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:48:52.498Z"}, "title": "CVE Program Container", "references": [{"name": "20090701 VMSA-2009-0008 ESX Service Console update for krb5", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/504683/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"}, {"name": "oval:org.mitre.oval:def:6301", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301"}, {"name": "MDVSA-2009:098", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"}, {"name": "VU#662091", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/662091"}, {"name": "20090407 MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/502527/100/0/threaded"}, {"name": "ADV-2009-0960", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0960"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3549"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"}, {"name": "35667", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35667"}, {"name": "RHSA-2009:0408", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0008.html"}, {"name": "34637", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34637"}, {"name": "SSRT100495", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "ADV-2009-2084", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/2084"}, {"name": "oval:org.mitre.oval:def:10694", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694"}, {"name": "34640", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34640"}, {"name": "35074", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35074"}, {"name": "256728", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"}, {"name": "GLSA-200904-09", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"}, {"name": "ADV-2009-0976", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0976"}, {"name": "APPLE-SA-2009-05-12", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"name": "USN-755-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-755-1"}, {"name": "34630", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34630"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"}, {"name": "oval:org.mitre.oval:def:5483", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483"}, {"name": "ADV-2009-1057", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1057"}, {"name": "34617", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34617"}, {"name": "34628", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34628"}, {"name": "34734", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34734"}, {"name": "ADV-2009-2248", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/2248"}, {"name": "TA09-133A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"}, {"name": "34598", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34598"}, {"name": "RHSA-2009:0409", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2009-0409.html"}, {"name": "ADV-2009-1297", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"name": "34622", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34622"}, {"name": "1021994", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021994"}, {"name": "FEDORA-2009-2852", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"}, {"name": "FEDORA-2009-2834", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"}, {"name": "RHSA-2009:0410", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2009-0410.html"}, {"name": "[security-announce] 20090701 VMSA-2009-0008 ESX Service Console update for krb5", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.vmware.com/pipermail/security-announce/2009/000059.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"}, {"name": "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt"}, {"name": "HPSBOV02682", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "34594", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34594"}, {"name": "ADV-2009-1106", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1106"}, {"name": "HPSBUX02421", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=124896429301168&w=2"}, {"name": "34409", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34409"}, {"name": "SSRT090047", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=124896429301168&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0846", "datePublished": "2009-04-09T00:00:00", "dateReserved": "2009-03-06T00:00:00", "dateUpdated": "2024-08-07T04:48:52.498Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "matchCriteriaId": "46577766-3490-43FD-8DDB-DDEF8862420D", "versionEndExcluding": "1.6.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*", "matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*", "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA0E35E1-9181-4A2B-93E5-8833E5AB5FDD", "versionEndExcluding": "10.5.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6172AF57-B26D-45F8-BE3A-F75ABDF28F49", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "E1CA1D49-76E7-4195-98AF-BE916040ECC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F9EF63F-DDA3-448B-92D7-27ED92C51FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "397313C3-6BF5-4A87-90B3-55678E807171", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "73322DEE-27A6-4D18-88A3-ED7F9CAEABD5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "53A61204-33CE-422F-8285-20A5E98ADF3F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2FE6DAA-4702-409A-98B6-DE13B12805A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B5DCF29-6830-45FF-BC88-17E2249C653D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer."}, {"lang": "es", "value": "La funci\u00f3n asn1_decode_generaltime en lib/krb5/asn.1/asn1_decode.c en el decodificador ASN.1 GeneralizedTime en MIT Kerberos 5 (tambi\u00e9n conocido como Krb5) anteriores a v1.6.4, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) o posiblemente ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores que implican una codificaci\u00f3n DER inv\u00e1lida, que provocar\u00e1 una liberaci\u00f3n del puntero no inicializado.\r\n"}], "id": "CVE-2009-0846", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-04-09T00:30:00.267", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://lists.vmware.com/pipermail/security-announce/2009/000059.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=124896429301168&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=124896429301168&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2009-0409.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2009-0410.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34594"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34598"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34617"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34622"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34628"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34630"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34637"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34640"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34734"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35074"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35667"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3549"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/662091"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/502527/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/504683/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/34409"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1021994"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-755-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0008.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/0960"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/0976"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/1057"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/1106"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/2084"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/2248"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.vmware.com/pipermail/security-announce/2009/000059.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=124896429301168&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=124896429301168&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2009-0409.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2009-0410.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34594"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34598"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34617"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34622"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34628"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34630"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34637"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34640"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34734"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35667"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/662091"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/502527/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/504683/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/34409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1021994"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-755-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/0960"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/0976"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/1057"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/1106"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/2084"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/2248"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-824"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:0410", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "krb5-0:1.2.2-49", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2009-04-07T00:00:00Z"}, {"advisory": "RHSA-2009:0410", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "krb5-0:1.2.7-70", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2009-04-07T00:00:00Z"}, {"advisory": "RHSA-2009:0409", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "krb5-0:1.3.4-60.el4_7.2", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2009-04-07T00:00:00Z"}, {"advisory": "RHSA-2009:0408", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "krb5-0:1.6.1-31.el5_3.3", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-04-07T00:00:00Z"}], "bugzilla": {"description": "krb5: ASN.1 decoder can free uninitialized pointer when decoding an invalid encoding (MITKRB5-SA-2009-002)", "id": "491036", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491036"}, "csaw": false, "cvss": {"cvss_base_score": "9.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-456->CWE-416", "details": ["The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer."], "name": "CVE-2009-0846", "public_date": "2009-04-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-0846\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-0846"], "threat_severity": "Critical"}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object