CVE-2009-0846 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2009-0846

CVE-2009-0846

April 09, 2009

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

Related Resources (51)

http://secunia.com/advisories/34637

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1

http://www.securityfocus.com/archive/1/504683/100/0/threaded

http://marc.info/?l=bugtraq&m=124896429301168&w=2

http://rhn.redhat.com/errata/RHSA-2009-0409.html

http://www.ubuntu.com/usn/usn-755-1

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html

http://secunia.com/advisories/34598

http://secunia.com/advisories/34628

http://secunia.com/advisories/34594

http://secunia.com/advisories/34734

http://secunia.com/advisories/34630

http://secunia.com/advisories/34640

http://secunia.com/advisories/34617

http://www.securityfocus.com/archive/1/502546/100/0/threaded

http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm

http://www.redhat.com/support/errata/RHSA-2009-0408.html

http://www.mandriva.com/security/advisories?name=MDVSA-2009:098

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301

http://www.securityfocus.com/bid/34409

http://www.vupen.com/english/advisories/2009/1106

http://rhn.redhat.com/errata/RHSA-2009-0410.html

http://wiki.rpath.com/Advisories:rPSA-2009-0058

http://marc.info/?l=bugtraq&m=130497213107107&w=2

http://lists.vmware.com/pipermail/security-announce/2009/000059.html

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html

http://www.kb.cert.org/vuls/id/662091

http://secunia.com/advisories/35074

http://secunia.com/advisories/34622

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html

http://security.gentoo.org/glsa/glsa-200904-09.xml

http://www.vupen.com/english/advisories/2009/1297

http://www.vupen.com/english/advisories/2009/0960

http://www.vupen.com/english/advisories/2009/0976

http://www.vupen.com/english/advisories/2009/1057

http://support.apple.com/kb/HT3549

https://access.redhat.com/security/cve/CVE-2009-0846

http://www.securityfocus.com/archive/1/502527/100/0/threaded

http://www.securitytracker.com/id?1021994

http://www-01.ibm.com/support/docview.wss?uid=swg21396120

http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://www.vmware.com/security/advisories/VMSA-2009-0008.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483

http://www.vupen.com/english/advisories/2009/2084

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt

http://www.vupen.com/english/advisories/2009/2248

http://secunia.com/advisories/35667

Do you need more information?

CVSS v4

Base Score:

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

CVSS v2

Base Score:

10

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

Weakness Type (CWE)

Access of Uninitialized Pointer

EPSS

Base Score:

56.35