National Cyber Awareness System

Vulnerability Summary for CVE-2009-0846

Overview

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA09-133A

Name: TA09-133A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA09-133A.html

External Source: CONFIRM

Name: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt

Type: Advisory; Patch Information

Hyperlink:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt

External Source: FEDORA

Name: FEDORA-2009-2852

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html

External Source: FEDORA

Name: FEDORA-2009-2834

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html

External Source: VUPEN

Name: ADV-2009-2248

Hyperlink:http://www.vupen.com/english/advisories/2009/2248

External Source: VUPEN

Name: ADV-2009-2084

Hyperlink:http://www.vupen.com/english/advisories/2009/2084

External Source: VUPEN

Name: ADV-2009-1297

Hyperlink:http://www.vupen.com/english/advisories/2009/1297

External Source: VUPEN

Name: ADV-2009-1106

Hyperlink:http://www.vupen.com/english/advisories/2009/1106

External Source: VUPEN

Name: ADV-2009-1057

Hyperlink:http://www.vupen.com/english/advisories/2009/1057

External Source: VUPEN

Name: ADV-2009-0976

Hyperlink:http://www.vupen.com/english/advisories/2009/0976

External Source: VUPEN

Name: ADV-2009-0960

Hyperlink:http://www.vupen.com/english/advisories/2009/0960

External Source: CONFIRM

Name: http://www.vmware.com/security/advisories/VMSA-2009-0008.html

Hyperlink:http://www.vmware.com/security/advisories/VMSA-2009-0008.html

External Source: UBUNTU

Name: USN-755-1

Hyperlink:http://www.ubuntu.com/usn/usn-755-1

External Source: SECTRACK

Name: 1021994

Hyperlink:http://www.securitytracker.com/id?1021994

External Source: BID

Name: 34409

Hyperlink:http://www.securityfocus.com/bid/34409

External Source: BUGTRAQ

Name: 20090701 VMSA-2009-0008 ESX Service Console update for krb5

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/504683/100/0/threaded

External Source: BUGTRAQ

Name: 20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/502546/100/0/threaded

External Source: BUGTRAQ

Name: 20090407 MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/502527/100/0/threaded

External Source: REDHAT

Name: RHSA-2009:0408

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-0408.html

External Source: MANDRIVA

Name: MDVSA-2009:098

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:098

External Source: CONFIRM

Name: http://www-01.ibm.com/support/docview.wss?uid=swg21396120

Hyperlink:http://www-01.ibm.com/support/docview.wss?uid=swg21396120

External Source: MISC

Name: http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058

Hyperlink:http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058

External Source: CONFIRM

Name: http://wiki.rpath.com/Advisories:rPSA-2009-0058

Hyperlink:http://wiki.rpath.com/Advisories:rPSA-2009-0058

External Source: MISC

Name: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html

Hyperlink:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html

External Source: MISC

Name: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html

Hyperlink:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm

External Source: CONFIRM

Name: http://support.apple.com/kb/HT3549

Hyperlink:http://support.apple.com/kb/HT3549

External Source: SUNALERT

Name: 256728

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1

External Source: GENTOO

Name: GLSA-200904-09

Hyperlink:http://security.gentoo.org/glsa/glsa-200904-09.xml

External Source: SECUNIA

Name: 35667

Hyperlink:http://secunia.com/advisories/35667

External Source: SECUNIA

Name: 35074

Hyperlink:http://secunia.com/advisories/35074

External Source: SECUNIA

Name: 34734

Hyperlink:http://secunia.com/advisories/34734

External Source: SECUNIA

Name: 34640

Hyperlink:http://secunia.com/advisories/34640

External Source: SECUNIA

Name: 34637

Hyperlink:http://secunia.com/advisories/34637

External Source: SECUNIA

Name: 34630

Hyperlink:http://secunia.com/advisories/34630

External Source: SECUNIA

Name: 34628

Hyperlink:http://secunia.com/advisories/34628

External Source: SECUNIA

Name: 34622

Hyperlink:http://secunia.com/advisories/34622

External Source: SECUNIA

Name: 34617

Hyperlink:http://secunia.com/advisories/34617

External Source: SECUNIA

Name: 34598

Hyperlink:http://secunia.com/advisories/34598

External Source: SECUNIA

Name: 34594

Hyperlink:http://secunia.com/advisories/34594

External Source: REDHAT

Name: RHSA-2009:0410

Hyperlink:http://rhn.redhat.com/errata/RHSA-2009-0410.html

External Source: REDHAT

Name: RHSA-2009:0409

Hyperlink:http://rhn.redhat.com/errata/RHSA-2009-0409.html

External Source: OVAL

Name: oval:org.mitre.oval:def:6301

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6301

External Source: OVAL

Name: oval:org.mitre.oval:def:5483

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5483

External Source: OVAL

Name: oval:org.mitre.oval:def:10694

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10694

External Source: HP

Name: SSRT100495

Hyperlink:http://marc.info/?l=bugtraq&m=130497213107107&w=2

External Source: HP

Name: HPSBOV02682

Hyperlink:http://marc.info/?l=bugtraq&m=130497213107107&w=2

External Source: HP

Name: HPSBUX02421

Hyperlink:http://marc.info/?l=bugtraq&m=124896429301168&w=2

External Source: HP

Name: HPSBUX02421

Hyperlink:http://marc.info/?l=bugtraq&m=124896429301168&w=2

External Source: MLIST

Name: [security-announce] 20090701 VMSA-2009-0008 ESX Service Console update for krb5

Hyperlink:http://lists.vmware.com/pipermail/security-announce/2009/000059.html

External Source: APPLE

Name: APPLE-SA-2009-05-12

Hyperlink:http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

References to Check Content

Identifier:oval:org.mitre.oval:def:6301

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:6301

Identifier:oval:org.mitre.oval:def:10694

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10694

Identifier:oval:org.mitre.oval:def:5483

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5483