Back to search
CVE-2009-0846
Published: Apr 9, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20090701 VMSA-2009-0008 ESX Service Console update for krb5
mailing-list
x_refsource_BUGTRAQ
oval:org.mitre.oval:def:6301
vdb-entry
signature
x_refsource_OVAL
MDVSA-2009:098
vendor-advisory
x_refsource_MANDRIVA
VU#662091
third-party-advisory
x_refsource_CERT-VN
20090407 MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]
mailing-list
x_refsource_BUGTRAQ
ADV-2009-0960
vdb-entry
x_refsource_VUPEN
http://support.apple.com/kb/HT3549
x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm
x_refsource_CONFIRM
35667
third-party-advisory
x_refsource_SECUNIA
RHSA-2009:0408
vendor-advisory
x_refsource_REDHAT
http://www.vmware.com/security/advisories/VMSA-2009-0008.html
x_refsource_CONFIRM
34637
third-party-advisory
x_refsource_SECUNIA
SSRT100495
vendor-advisory
x_refsource_HP
ADV-2009-2084
vdb-entry
x_refsource_VUPEN
oval:org.mitre.oval:def:10694
vdb-entry
signature
x_refsource_OVAL
34640
third-party-advisory
x_refsource_SECUNIA
35074
third-party-advisory
x_refsource_SECUNIA
256728
vendor-advisory
x_refsource_SUNALERT
GLSA-200904-09
vendor-advisory
x_refsource_GENTOO
ADV-2009-0976
vdb-entry
x_refsource_VUPEN
APPLE-SA-2009-05-12
vendor-advisory
x_refsource_APPLE
USN-755-1
vendor-advisory
x_refsource_UBUNTU
34630
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21396120
x_refsource_CONFIRM
oval:org.mitre.oval:def:5483
vdb-entry
signature
x_refsource_OVAL
ADV-2009-1057
vdb-entry
x_refsource_VUPEN
34617
third-party-advisory
x_refsource_SECUNIA
34628
third-party-advisory
x_refsource_SECUNIA
34734
third-party-advisory
x_refsource_SECUNIA
ADV-2009-2248
vdb-entry
x_refsource_VUPEN
TA09-133A
third-party-advisory
x_refsource_CERT
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058
x_refsource_MISC
34598
third-party-advisory
x_refsource_SECUNIA
RHSA-2009:0409
vendor-advisory
x_refsource_REDHAT
ADV-2009-1297
vdb-entry
x_refsource_VUPEN
34622
third-party-advisory
x_refsource_SECUNIA
1021994
vdb-entry
x_refsource_SECTRACK
FEDORA-2009-2852
vendor-advisory
x_refsource_FEDORA
FEDORA-2009-2834
vendor-advisory
x_refsource_FEDORA
RHSA-2009:0410
vendor-advisory
x_refsource_REDHAT
[security-announce] 20090701 VMSA-2009-0008 ESX Service Console update for krb5
mailing-list
x_refsource_MLIST
http://wiki.rpath.com/Advisories:rPSA-2009-0058
x_refsource_CONFIRM
20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
mailing-list
x_refsource_BUGTRAQ
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt
x_refsource_CONFIRM
HPSBOV02682
vendor-advisory
x_refsource_HP
34594
third-party-advisory
x_refsource_SECUNIA
ADV-2009-1106
vdb-entry
x_refsource_VUPEN
HPSBUX02421
vendor-advisory
x_refsource_HP
34409
vdb-entry
x_refsource_BID
SSRT090047
vendor-advisory
x_refsource_HP
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now