CVE-2009-0845
Published 2009-03-27
CVE-2009-0845: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows…
Priority: P4 · 25 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
EPSS: 5.63% (92.0th percentile)
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.6.dfsg.4~beta1-13 (bookworm) | krb5 1.6.dfsg.4~beta1-13 (bookworm) |
| mit | kerberos | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-13 | 1.6.dfsg.4~beta1-13 |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-13 | 1.6.dfsg.4~beta1-13 |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-13 | 1.6.dfsg.4~beta1-13 |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-13 | 1.6.dfsg.4~beta1-13 |
CVSS provenance
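| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |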
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2009-04-07
CVE-2009-0844 Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Kerberos vulnerabilities
Multiple flaws were discovered in the Kerberos GSS-API and ASN.1 routines
that did not correctly handle certain requests. An unauthenticated remote
attacker could send specially crafted traffic to crash services using
the Kerberos library, leading to a denial of service.
Instructions: After a standard system upgrade you need to restart any services using
the Kerberos libraries to effect the necessary changes.
Red Hat
krb5: NULL pointer dereference in GSSAPI SPNEGO (MITKRB5-SA-2009-001)
vendor_redhat·2009-03-13·CVSS 5.0
CVE-2009-0845 [MEDIUM] CWE-476 krb5: NULL pointer dereference in GSSAPI SPNEGO (MITKRB5-SA-2009-001)
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
Debian
CVE-2009-0845: krb5 - The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in...
vendor_debian·2009·CVSS 5.0
CVE-2009-0845 [MEDIUM] CVE-2009-0845: krb5 - The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in...
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
Scope: local
bookworm: resolved (fixed in 1.6.dfsg.4~beta1-13)
bullseye: resolved (fixed in 1.6.dfsg.4~beta1-13)
forky: resolved (fixed in 1.6.dfsg.4~beta1-13)
sid: resolved (fixed in 1.6.dfsg.4~beta1-13)
trixie: resolved (fixed in 1.6.dfsg.4~beta1-13)
GHSA
GHSA-74gr-5fw9-9jj5: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech
ghsa_unreviewed·2022-05-02
CVE-2009-0845 [MEDIUM] CWE-20 GHSA-74gr-5fw9-9jj5: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
OSV
CVE-2009-0845: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech
osv·2009-03-27·CVSS 5.0
CVE-2009-0845 [MEDIUM] CVE-2009-0845: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-0628 krb5: Assertion failure in GSSAPI SPNEGO mechanism (MITKRB5-SA-2010-002)
bugzilla·2010-02-17·CVSS 5.0
CVE-2010-0628 [MEDIUM] CVE-2010-0628 krb5: Assertion failure in GSSAPI SPNEGO mechanism (MITKRB5-SA-2010-002)
A denial of service flaw was found in Kerberos's GSS-API spnego
security mechanism implementation. A remote attacker could use
this flaw to cause a gss-server crash via invalid ContextFlags
for the reqFlags field in the NegTokenInit in spnego_mech.c,
which triggers an assertion failure. Similar vulnerability to
CVE-2009-0845.
PGP-signed patch from upstream will be available at:
http://web.mit.edu/kerberos/advisories/2010-002-patch.txt.asc
Discussion:
This issue does NOT affect the versions of the krb5-workstation
package, as shipped with Red Hat Enterprise Linux 3, 4, and 5.
This issue does NOT affect the version of the krb5-workstation-servers
package, as shipped with Fedora release of 11.
This is
Bugzilla
CVE-2009-0844 krb5: buffer over-read in SPNEGO GSS-API mechanism (MITKRB5-SA-2009-001)
bugzilla·2009-03-19·CVSS 5.8
CVE-2009-0844 [MEDIUM] CVE-2009-0844 krb5: buffer over-read in SPNEGO GSS-API mechanism (MITKRB5-SA-2009-001)
The MIT krb5 implementation of the SPNEGO GSS-API mechanism can read
beyond the end of a network input buffer. This can cause a GSS-API
application to crash by reading from invalid address space. Under
theoretically possible but very unlikely conditions, a small
information leak may occur. We believe that no successful exploit
exists that could induce an information leak.
Discussion:
The affected code is not in versions older than krb5 1.5, so only RHEL5 is affected (krb5 1.3.4 is in RHEL4).
---
Created attachment 335792
patch to fix MITKRB5-SA-2009-001 issues (CVE-2009-{0844,0845,0847}
This patch corrects CVE-2009-0844, CVE-2009-0845, and CVE-2009-0846. Provided by upstream.
---
CVE-2009-0845 wa
Bugzilla
CVE-2009-0845 krb5: NULL pointer dereference in GSSAPI SPNEGO (MITKRB5-SA-2009-001)
bugzilla·2009-03-17·CVSS 5.0
CVE-2009-0845 [MEDIUM] CVE-2009-0845 krb5: NULL pointer dereference in GSSAPI SPNEGO (MITKRB5-SA-2009-001)
A null pointer dereference flaw was found in Kerberos's GSS-API spnego
security mechanism implementation. A local user could use this flaw
to cause a denial of service (krb5 daemon crash) via invalid ContextFlags for
the reqFlags field in the NegTokenInit (RFC 4178).
References:
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402
Upstream patch:
http://src.mit.edu/fisheye/changelog/krb5/?cs=22099
Discussion:
krb5-1.6.3-17.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/krb5-1.6.3-17.fc10
---
krb5-1.6.3-15.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/krb5-1.6.3-15.fc9
---
This issue did not a
Published: 2009-03-27