CVE-2009-0846

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-0846
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html Mailing List
http://lists.vmware.com/pipermail/security-announce/2009/000059.html Broken Link
http://marc.info/?l=bugtraq&m=124896429301168&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=130497213107107&w=2 Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2009-0409.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2009-0410.html Third Party Advisory
http://secunia.com/advisories/34594 Broken Link
http://secunia.com/advisories/34598 Broken Link
http://secunia.com/advisories/34617 Broken Link
http://secunia.com/advisories/34622 Broken Link
http://secunia.com/advisories/34628 Broken Link
http://secunia.com/advisories/34630 Broken Link
http://secunia.com/advisories/34637 Broken Link
http://secunia.com/advisories/34640 Broken Link
http://secunia.com/advisories/34734 Broken Link
http://secunia.com/advisories/35074 Broken Link
http://secunia.com/advisories/35667 Broken Link
http://security.gentoo.org/glsa/glsa-200904-09.xml Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1 Broken Link
http://support.apple.com/kb/HT3549 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm Third Party Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html Broken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html Broken Link
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt Patch Vendor Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0058 Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058 Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21396120 Broken Link
http://www.kb.cert.org/vuls/id/662091 Broken Link Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2009:098 Broken Link
http://www.redhat.com/support/errata/RHSA-2009-0408.html Broken Link
http://www.securityfocus.com/archive/1/502527/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/502546/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/504683/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/34409 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1021994 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-755-1 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-133A.html Third Party Advisory US Government Resource
http://www.vmware.com/security/advisories/VMSA-2009-0008.html Third Party Advisory
http://www.vupen.com/english/advisories/2009/0960 Broken Link
http://www.vupen.com/english/advisories/2009/0976 Broken Link
http://www.vupen.com/english/advisories/2009/1057 Broken Link
http://www.vupen.com/english/advisories/2009/1106 Broken Link
http://www.vupen.com/english/advisories/2009/1297 Broken Link
http://www.vupen.com/english/advisories/2009/2084 Broken Link
http://www.vupen.com/english/advisories/2009/2248 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301 Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html Mailing List
Configurations

Configuration 1 (hide)

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
History

09 Feb 2024, 03:21

Type Values Removed Values Added
References (SECUNIA) http://secunia.com/advisories/35667 - (SECUNIA) http://secunia.com/advisories/35667 - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2009/0960 - (VUPEN) http://www.vupen.com/english/advisories/2009/0960 - Broken Link
References (HP) http://marc.info/?l=bugtraq&m=124896429301168&w=2 - (HP) http://marc.info/?l=bugtraq&m=124896429301168&w=2 - Third Party Advisory
References (VUPEN) http://www.vupen.com/english/advisories/2009/1057 - (VUPEN) http://www.vupen.com/english/advisories/2009/1057 - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-0408.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-0408.html - Broken Link
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2009-0410.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2009-0410.html - Third Party Advisory
References (CONFIRM) http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm - (CONFIRM) http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm - Third Party Advisory
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2009-0409.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2009-0409.html - Third Party Advisory
References (MLIST) http://lists.vmware.com/pipermail/security-announce/2009/000059.html - (MLIST) http://lists.vmware.com/pipermail/security-announce/2009/000059.html - Broken Link
References (BID) http://www.securityfocus.com/bid/34409 - (BID) http://www.securityfocus.com/bid/34409 - Broken Link, Third Party Advisory, VDB Entry
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301 - Broken Link
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483 - Broken Link
References (CERT) http://www.us-cert.gov/cas/techalerts/TA09-133A.html - US Government Resource (CERT) http://www.us-cert.gov/cas/techalerts/TA09-133A.html - Third Party Advisory, US Government Resource
References (CONFIRM) http://support.apple.com/kb/HT3549 - (CONFIRM) http://support.apple.com/kb/HT3549 - Third Party Advisory
References (BUGTRAQ) http://www.securityfocus.com/archive/1/504683/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/504683/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (SECTRACK) http://www.securitytracker.com/id?1021994 - (SECTRACK) http://www.securitytracker.com/id?1021994 - Broken Link, Third Party Advisory, VDB Entry
References (MISC) http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058 - (MISC) http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058 - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2009/1106 - (VUPEN) http://www.vupen.com/english/advisories/2009/1106 - Broken Link
References (CONFIRM) http://www.vmware.com/security/advisories/VMSA-2009-0008.html - (CONFIRM) http://www.vmware.com/security/advisories/VMSA-2009-0008.html - Third Party Advisory
References (VUPEN) http://www.vupen.com/english/advisories/2009/0976 - (VUPEN) http://www.vupen.com/english/advisories/2009/0976 - Broken Link
References (SECUNIA) http://secunia.com/advisories/34598 - (SECUNIA) http://secunia.com/advisories/34598 - Broken Link
References (APPLE) http://lists.apple.com/archives/security-announce/2009/May/msg00002.html - (APPLE) http://lists.apple.com/archives/security-announce/2009/May/msg00002.html - Mailing List
References (VUPEN) http://www.vupen.com/english/advisories/2009/1297 - (VUPEN) http://www.vupen.com/english/advisories/2009/1297 - Broken Link
References (MISC) http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html - (MISC) http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2009/2248 - (VUPEN) http://www.vupen.com/english/advisories/2009/2248 - Broken Link
References (CERT-VN) http://www.kb.cert.org/vuls/id/662091 - US Government Resource (CERT-VN) http://www.kb.cert.org/vuls/id/662091 - Broken Link, Third Party Advisory, US Government Resource
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694 - Broken Link
References (GENTOO) http://security.gentoo.org/glsa/glsa-200904-09.xml - (GENTOO) http://security.gentoo.org/glsa/glsa-200904-09.xml - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/34630 - (SECUNIA) http://secunia.com/advisories/34630 - Broken Link
References (MISC) http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html - (MISC) http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html - Broken Link
References (SECUNIA) http://secunia.com/advisories/34637 - (SECUNIA) http://secunia.com/advisories/34637 - Broken Link
References (SECUNIA) http://secunia.com/advisories/34640 - (SECUNIA) http://secunia.com/advisories/34640 - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2009/2084 - (VUPEN) http://www.vupen.com/english/advisories/2009/2084 - Broken Link
References (CONFIRM) http://wiki.rpath.com/Advisories:rPSA-2009-0058 - (CONFIRM) http://wiki.rpath.com/Advisories:rPSA-2009-0058 - Broken Link
References (BUGTRAQ) http://www.securityfocus.com/archive/1/502546/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/502546/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/34628 - (SECUNIA) http://secunia.com/advisories/34628 - Broken Link
References (SECUNIA) http://secunia.com/advisories/34594 - (SECUNIA) http://secunia.com/advisories/34594 - Broken Link
References (SECUNIA) http://secunia.com/advisories/34734 - (SECUNIA) http://secunia.com/advisories/34734 - Broken Link
References (SECUNIA) http://secunia.com/advisories/35074 - (SECUNIA) http://secunia.com/advisories/35074 - Broken Link
References (HP) http://marc.info/?l=bugtraq&m=130497213107107&w=2 - (HP) http://marc.info/?l=bugtraq&m=130497213107107&w=2 - Third Party Advisory
References (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1 - (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1 - Broken Link
References (BUGTRAQ) http://www.securityfocus.com/archive/1/502527/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/502527/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/34622 - (SECUNIA) http://secunia.com/advisories/34622 - Broken Link
References (UBUNTU) http://www.ubuntu.com/usn/usn-755-1 - (UBUNTU) http://www.ubuntu.com/usn/usn-755-1 - Third Party Advisory
References (CONFIRM) http://www-01.ibm.com/support/docview.wss?uid=swg21396120 - (CONFIRM) http://www-01.ibm.com/support/docview.wss?uid=swg21396120 - Broken Link
References (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html - (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html - Mailing List
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:098 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:098 - Broken Link
References (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html - (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html - Mailing List
References (SECUNIA) http://secunia.com/advisories/34617 - (SECUNIA) http://secunia.com/advisories/34617 - Broken Link
CPE cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2:beta1:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2:beta2:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3:alpha1:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:-:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*		 cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
CWE CWE-20 CWE-824
First Time Canonical
Canonical ubuntu Linux
Redhat enterprise Linux Server
Redhat
Apple
Fedoraproject fedora
Redhat enterprise Linux Eus
Apple mac Os X
Redhat enterprise Linux Workstation
Redhat enterprise Linux
Fedoraproject
Redhat enterprise Linux Desktop
Information

Published : 2009-04-09 00:30

Updated : 2024-02-28 11:21

NVD link : CVE-2009-0846

Mitre link : CVE-2009-0846

CVE.ORG link : CVE-2009-0846

JSON object : View

Products Affected

redhat

  • enterprise_linux_desktop
  • enterprise_linux_server
  • enterprise_linux
  • enterprise_linux_eus
  • enterprise_linux_workstation

apple

  • mac_os_x

mit

  • kerberos_5

canonical

  • ubuntu_linux

fedoraproject

  • fedora
CWE
CWE-824

Access of Uninitialized Pointer


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024