Back to search
CVE-2009-0845
Published: Mar 27, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]
mailing-list
x_refsource_BUGTRAQ
VU#662091
third-party-advisory
x_refsource_CERT-VN
34257
vdb-entry
x_refsource_BID
ADV-2009-0847
vdb-entry
x_refsource_VUPEN
34347
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT3549
x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm
x_refsource_CONFIRM
RHSA-2009:0408
vendor-advisory
x_refsource_REDHAT
34637
third-party-advisory
x_refsource_SECUNIA
34640
third-party-advisory
x_refsource_SECUNIA
35074
third-party-advisory
x_refsource_SECUNIA
MDVSA-2009:082
vendor-advisory
x_refsource_MANDRIVA
256728
vendor-advisory
x_refsource_SUNALERT
GLSA-200904-09
vendor-advisory
x_refsource_GENTOO
ADV-2009-0976
vdb-entry
x_refsource_VUPEN
APPLE-SA-2009-05-12
vendor-advisory
x_refsource_APPLE
USN-755-1
vendor-advisory
x_refsource_UBUNTU
34630
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21396120
x_refsource_CONFIRM
ADV-2009-1057
vdb-entry
x_refsource_VUPEN
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt
x_refsource_CONFIRM
34617
third-party-advisory
x_refsource_SECUNIA
34628
third-party-advisory
x_refsource_SECUNIA
34734
third-party-advisory
x_refsource_SECUNIA
kerberos-spnego-dos(49448)
vdb-entry
x_refsource_XF
oval:org.mitre.oval:def:6449
vdb-entry
signature
x_refsource_OVAL
ADV-2009-2248
vdb-entry
x_refsource_VUPEN
TA09-133A
third-party-advisory
x_refsource_CERT
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058
x_refsource_MISC
ADV-2009-1297
vdb-entry
x_refsource_VUPEN
34622
third-party-advisory
x_refsource_SECUNIA
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402
x_refsource_CONFIRM
FEDORA-2009-2852
vendor-advisory
x_refsource_FEDORA
1021867
vdb-entry
x_refsource_SECTRACK
FEDORA-2009-2834
vendor-advisory
x_refsource_FEDORA
http://wiki.rpath.com/Advisories:rPSA-2009-0058
x_refsource_CONFIRM
oval:org.mitre.oval:def:10044
vdb-entry
signature
x_refsource_OVAL
http://src.mit.edu/fisheye/changelog/krb5/?cs=22084
x_refsource_CONFIRM
20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
mailing-list
x_refsource_BUGTRAQ
34594
third-party-advisory
x_refsource_SECUNIA
ADV-2009-1106
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now