The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Apple
  • Mac Os X
Canonical
  • Ubuntu Linux
Fedoraproject
  • Fedora
Mit
  • Kerberos 5
Redhat
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Enterprise Linux Eus
  • Enterprise Linux Server
  • Enterprise Linux Workstation

Configuration 1 [-]

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 2.1
krb5-0:1.2.2-49 cpe:/o:redhat:enterprise_linux:2.1 RHSA-2009:0410 2009-04-07T00:00:00Z
Red Hat Enterprise Linux 3
krb5-0:1.2.7-70 cpe:/o:redhat:enterprise_linux:3 RHSA-2009:0410 2009-04-07T00:00:00Z
Red Hat Enterprise Linux 4
krb5-0:1.3.4-60.el4_7.2 cpe:/o:redhat:enterprise_linux:4 RHSA-2009:0409 2009-04-07T00:00:00Z
Red Hat Enterprise Linux 5
krb5-0:1.6.1-31.el5_3.3 cpe:/o:redhat:enterprise_linux:5 RHSA-2009:0408 2009-04-07T00:00:00Z
References
Link Providers
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html cve-icon cve-icon
http://lists.vmware.com/pipermail/security-announce/2009/000059.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=124896429301168&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=130497213107107&w=2 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2009-0409.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2009-0410.html cve-icon cve-icon
http://secunia.com/advisories/34594 cve-icon cve-icon
http://secunia.com/advisories/34598 cve-icon cve-icon
http://secunia.com/advisories/34617 cve-icon cve-icon
http://secunia.com/advisories/34622 cve-icon cve-icon
http://secunia.com/advisories/34628 cve-icon cve-icon
http://secunia.com/advisories/34630 cve-icon cve-icon
http://secunia.com/advisories/34637 cve-icon cve-icon
http://secunia.com/advisories/34640 cve-icon cve-icon
http://secunia.com/advisories/34734 cve-icon cve-icon
http://secunia.com/advisories/35074 cve-icon cve-icon
http://secunia.com/advisories/35667 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200904-09.xml cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1 cve-icon cve-icon
http://support.apple.com/kb/HT3549 cve-icon cve-icon
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm cve-icon cve-icon
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html cve-icon cve-icon
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html cve-icon cve-icon
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt cve-icon cve-icon
http://wiki.rpath.com/Advisories:rPSA-2009-0058 cve-icon cve-icon
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21396120 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/662091 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2009:098 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2009-0408.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/502527/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/502546/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/504683/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/34409 cve-icon cve-icon
http://www.securitytracker.com/id?1021994 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-755-1 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA09-133A.html cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2009-0008.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/0960 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/0976 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/1057 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/1106 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/1297 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/2084 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/2248 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2009-0846 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2009-0846 cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T04:48:52.498Z

Reserved: 2009-03-06T00:00:00

Link: CVE-2009-0846

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-04-09T00:30:00.267

Modified: 2024-11-21T01:01:02.930

Link: CVE-2009-0846

cve-icon Redhat

Severity : Critical

Publid Date: 2009-04-07T00:00:00Z

Links: CVE-2009-0846 - Bugzilla