SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2009-0846

Date: (C)2009-04-08 (M)2024-02-16

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

SECTRACK-1021994

http://www.securityfocus.com/archive/1/502527/100/0/threaded

http://www.securityfocus.com/archive/1/502546/100/0/threaded

http://www.securityfocus.com/archive/1/504683/100/0/threaded

SUNALERT-256728

APPLE-SA-2009-05-12

FEDORA-2009-2834

FEDORA-2009-2852

http://lists.vmware.com/pipermail/security-announce/2009/000059.html

http://support.apple.com/kb/HT3549

http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt

http://wiki.rpath.com/Advisories:rPSA-2009-0058

http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058

http://www-01.ibm.com/support/docview.wss?uid=swg21396120

http://www.vmware.com/security/advisories/VMSA-2009-0008.html

oval:org.mitre.oval:def:10694

oval:org.mitre.oval:def:5483

oval:org.mitre.oval:def:6301

oval:org.secpod.oval:def:300824
oval:org.secpod.oval:def:200292
oval:org.mitre.oval:def:8181
oval:org.secpod.oval:def:300832
...

© SecPod Technologies