SUSE-SA:2009:019 -- SUSE krb5 remote code executionID: oval:org.secpod.oval:def:400089 | Date: (C)2012-01-31 (M)2024-02-15 |
Class: PATCH | Family: unix |
The Kerberos implementation from MIT is vulnerable to four different security issues that range from a remote crash to to possible, but very unlikely, remote code execution. - CVE-2009-0844: The SPNEGO GSS-API implementation can read beyond the end of a buffer which leads to a crash. - CVE-2009-0845: A NULL pointer dereference in the SPNEGO code can lead to a crash which affects programs using the GSS-API. - CVE-2009-0846: The ASN.1 decoder can free an uninitialized NULL pointer which leads to a crash and can possibly lead to remote code execution. This bug can be exploited before any authen- tication happened, - CVE-2009-0847: The ASN.1 decoder incorrectly validates a length parameter which leads to malloc errors any possibly to a crash.
Platform: |
openSUSE 10.3 |
openSUSE 11.1 |
openSUSE 11.0 |