Back to search
CVE-2009-0847
Published: Apr 9, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
MDVSA-2009:098
vendor-advisory
x_refsource_MANDRIVA
20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]
mailing-list
x_refsource_BUGTRAQ
VU#662091
third-party-advisory
x_refsource_CERT-VN
ADV-2009-0960
vdb-entry
x_refsource_VUPEN
http://support.apple.com/kb/HT3549
x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm
x_refsource_CONFIRM
oval:org.mitre.oval:def:6387
vdb-entry
signature
x_refsource_OVAL
34637
third-party-advisory
x_refsource_SECUNIA
ADV-2009-2084
vdb-entry
x_refsource_VUPEN
34408
vdb-entry
x_refsource_BID
34640
third-party-advisory
x_refsource_SECUNIA
35074
third-party-advisory
x_refsource_SECUNIA
1021993
vdb-entry
x_refsource_SECTRACK
256728
vendor-advisory
x_refsource_SUNALERT
GLSA-200904-09
vendor-advisory
x_refsource_GENTOO
ADV-2009-0976
vdb-entry
x_refsource_VUPEN
APPLE-SA-2009-05-12
vendor-advisory
x_refsource_APPLE
USN-755-1
vendor-advisory
x_refsource_UBUNTU
http://www-01.ibm.com/support/docview.wss?uid=swg21396120
x_refsource_CONFIRM
ADV-2009-1057
vdb-entry
x_refsource_VUPEN
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt
x_refsource_CONFIRM
34617
third-party-advisory
x_refsource_SECUNIA
34628
third-party-advisory
x_refsource_SECUNIA
34734
third-party-advisory
x_refsource_SECUNIA
ADV-2009-2248
vdb-entry
x_refsource_VUPEN
TA09-133A
third-party-advisory
x_refsource_CERT
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058
x_refsource_MISC
ADV-2009-1297
vdb-entry
x_refsource_VUPEN
34622
third-party-advisory
x_refsource_SECUNIA
FEDORA-2009-2852
vendor-advisory
x_refsource_FEDORA
FEDORA-2009-2834
vendor-advisory
x_refsource_FEDORA
http://wiki.rpath.com/Advisories:rPSA-2009-0058
x_refsource_CONFIRM
20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
mailing-list
x_refsource_BUGTRAQ
34594
third-party-advisory
x_refsource_SECUNIA
ADV-2009-1106
vdb-entry
x_refsource_VUPEN
HPSBUX02421
vendor-advisory
x_refsource_HP
SSRT090047
vendor-advisory
x_refsource_HP
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now