National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-4212)

National Cyber Awareness System

Vulnerability Summary for CVE-2009-4212

Original release date:01/13/2010

Last revised:09/07/2011

Source: US-CERT/NIST

Overview

Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Per: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt "Only releases krb5-1.3 and later are vulnerable, as earlier releases did not contain the functionality implemented by the vulnerable code. This is an implementation vulnerability in MIT krb5, and is not a vulnerability in the Kerberos protocol."

Solution

Per: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt FIXES ===== * The upcoming krb5-1.7.1 and krb5-1.6.4 releases will contain a fix for this vulnerability. * For the krb5-1.7 release, apply the patch available at: http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt A PGP-signed patch is available at http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt.asc * For the krb5-1.6 releases, apply the patch available at: http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt A PGP-signed patch is available at http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt.asc * The krb5-1.6.3 patch might apply successfully to older releases. }

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=545015

Type: Patch Information

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=545015

External Source: CONFIRM

Name: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt

Type: Advisory; Patch Information

Hyperlink:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt

External Source: REDHAT

Name: RHSA-2010:0095

Hyperlink:https://rhn.redhat.com/errata/RHSA-2010-0095.html

External Source: REDHAT

Name: RHSA-2010:0029

Hyperlink:https://rhn.redhat.com/errata/RHSA-2010-0029.html

External Source: VUPEN

Name: ADV-2010-1481

Hyperlink:http://www.vupen.com/english/advisories/2010/1481

External Source: VUPEN

Name: ADV-2010-0129

Hyperlink:http://www.vupen.com/english/advisories/2010/0129

External Source: VUPEN

Name: ADV-2010-0096

Hyperlink:http://www.vupen.com/english/advisories/2010/0096

External Source: SECTRACK

Name: 1023440

Hyperlink:http://www.securitytracker.com/id?1023440

External Source: BID

Name: 37749

Hyperlink:http://www.securityfocus.com/bid/37749

External Source: MANDRIVA

Name: MDVSA-2010:006

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:006

External Source: DEBIAN

Name: DSA-1969

Hyperlink:http://www.debian.org/security/2010/dsa-1969

External Source: UBUNTU

Name: USN-881-1

Hyperlink:http://ubuntu.com/usn/usn-881-1

External Source: CONFIRM

Name: http://support.avaya.com/css/P8/documents/100074869

Hyperlink:http://support.avaya.com/css/P8/documents/100074869

External Source: CONFIRM

Name: http://support.apple.com/kb/HT4188

Hyperlink:http://support.apple.com/kb/HT4188

External Source: SUNALERT

Name: 1021779

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1

External Source: SUNALERT

Name: 275530

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1

External Source: SECUNIA

Name: 40220

Hyperlink:http://secunia.com/advisories/40220

External Source: SECUNIA

Name: 38696

Hyperlink:http://secunia.com/advisories/38696

External Source: SECUNIA

Name: 38203

Hyperlink:http://secunia.com/advisories/38203

External Source: SECUNIA

Name: 38184

Hyperlink:http://secunia.com/advisories/38184

External Source: SECUNIA

Name: 38140

Hyperlink:http://secunia.com/advisories/38140

External Source: SECUNIA

Name: 38126

Hyperlink:http://secunia.com/advisories/38126

External Source: SECUNIA

Name: 38108

Hyperlink:http://secunia.com/advisories/38108

External Source: SECUNIA

Name: 38080

Hyperlink:http://secunia.com/advisories/38080

External Source: OVAL

Name: oval:org.mitre.oval:def:8192

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8192

External Source: OVAL

Name: oval:org.mitre.oval:def:7357

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7357

External Source: OVAL

Name: oval:org.mitre.oval:def:11272

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11272

External Source: HP

Name: HPSBOV02682

Hyperlink:http://marc.info/?l=bugtraq&m=130497213107107&w=2

External Source: HP

Name: SSRT100495

Hyperlink:http://marc.info/?l=bugtraq&m=130497213107107&w=2

External Source: FEDORA

Name: FEDORA-2010-0515

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html

External Source: FEDORA

Name: FEDORA-2010-0503

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html

External Source: APPLE

Name: APPLE-SA-2010-06-15-1

Hyperlink:http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

References to Check Content

Identifier:oval:org.mitre.oval:def:8192

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8192

Identifier:oval:org.mitre.oval:def:7357

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7357

Identifier:oval:org.mitre.oval:def:11272

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11272

Vulnerable software and versions

Configuration 1

* cpe:/a:mit:kerberos:5-1.3

* cpe:/a:mit:kerberos:5-1.3.1

* cpe:/a:mit:kerberos:5-1.3.2

* cpe:/a:mit:kerberos:5-1.3.3

* cpe:/a:mit:kerberos:5-1.3.4

* cpe:/a:mit:kerberos:5-1.3.5

* cpe:/a:mit:kerberos:5-1.3.6

* cpe:/a:mit:kerberos:5-1.4

* cpe:/a:mit:kerberos:5-1.4.1

* cpe:/a:mit:kerberos:5-1.4.2

* cpe:/a:mit:kerberos:5-1.4.3

* cpe:/a:mit:kerberos:5-1.4.4

* cpe:/a:mit:kerberos:5-1.5

* cpe:/a:mit:kerberos:5-1.5.1

* cpe:/a:mit:kerberos:5-1.5.2

* cpe:/a:mit:kerberos:5-1.5.3

* cpe:/a:mit:kerberos:5-1.6

* cpe:/a:mit:kerberos:5-1.6.1

* cpe:/a:mit:kerberos:5-1.6.2

* cpe:/a:mit:kerberos:5-1.6.3

* cpe:/a:mit:kerberos:5-1.7

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Numeric Errors (CWE-189)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212