[Forgot Password]
Login  Register Subscribe

23631

 
 

126366

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-1766 krb5 -- several vulnerabilities

ID: oval:org.mitre.oval:def:8181Date: (C)2009-12-15   (M)2017-11-27
Class: PATCHFamily: unix




Several vulnerabilities have been found in the MIT reference implementation of Kerberos V5, a system for authenticating users and services on a network. The Common Vulnerabilities and Exposures project identified the following problems: The Apple Product Security team discovered that the SPNEGO GSS-API mechanism suffers of a missing bounds check when reading a network input buffer which results in an invalid read crashing the application or possibly leaking information. Under certain conditions the SPNEGO GSS-API mechanism references a null pointer which crashes the application using the library. An incorrect length check inside the ASN.1 decoder of the MIT krb5 implementation allows an unauthenticated remote attacker to crash of the kinit or KDC program. Under certain conditions the the ASN.1 decoder of the MIT krb5 implementation frees an uninitialized pointer which could lead to denial of service and possibly arbitrary code execution.

Platform:
Debian 5.0
Debian 4.0
Product:
krb5
Reference:
DSA-1766
CVE-2009-0844
CVE-2009-0845
CVE-2009-0847
CVE-2009-0846
CVE    4
CVE-2009-0844
CVE-2009-0847
CVE-2009-0846
CVE-2009-0845
...
CPE    2
cpe:/o:debian:debian_linux:5.x
cpe:/o:debian:debian_linux:4.x

© 2013 SecPod Technologies