CVE-2009-0846
published 2009-04-09


Priority: P342 | critical | 10 | CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 8.90% (94.6th percentile)
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

Affected

23 ranges
Vendor | Product | Version range | Fixed in
apple | mac_os_x | < 10.5.7 | 10.5.7
canonical | ubuntu_linux | |
canonical | ubuntu_linux | |
canonical | ubuntu_linux | |
canonical | ubuntu_linux | |
debian | krb5 | < krb5 1.6.dfsg.4~beta1-13 (bookworm) | krb5 1.6.dfsg.4~beta1-13 (bookworm)
fedoraproject | fedora | |
fedoraproject | fedora | |
mit | kerberos_5 | < 1.6.4 | 1.6.4
mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-13 | 1.6.dfsg.4~beta1-13
mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-13 | 1.6.dfsg.4~beta1-13
mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-13 | 1.6.dfsg.4~beta1-13
mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-13 | 1.6.dfsg.4~beta1-13
redhat | enterprise_linux | |
redhat | enterprise_linux_desktop | |
redhat | enterprise_linux_desktop | |
redhat | enterprise_linux_eus | |
redhat | enterprise_linux_server | |
redhat | enterprise_linux_server | |
redhat | enterprise_linux_server | |
redhat | enterprise_linux_workstation | |
redhat | enterprise_linux_workstation | |
redhat | enterprise_linux_workstation | |

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered by sending an invalid DER encoding in ASN.1 GeneralizedTime fields to a Kerberos service; detect malformed ASN.1 DER-encoded Kerberos traffic targeting the asn1_decode_generaltime function
  • Attack vector is unauthenticated remote — no prior authentication required; monitor for unexpected crashes of Kerberos daemons (krb5kdc, kadmind) following receipt of specially crafted network traffic
  • The vulnerable code path is in lib/krb5/asn.1/asn1_decode.c — focus code review and binary diffing on the asn1_decode_generaltime function in MIT krb5 versions before 1.6.4
  • glibc hardened malloc/free on Red Hat Enterprise Linux 4 and later greatly mitigates the possibility of code execution; RHEL 2.1 and 3 lack this hardening and carry a higher impact rating
  • No known exploit exists that achieves arbitrary code execution; crash/DoS is the realistic impact
  • This is an implementation vulnerability in MIT krb5 only; it is not a flaw in the Kerberos protocol itself

CVSS provenance

nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
osv | 10.0 | CRITICAL
vendor_debian | 10.0 | CRITICAL
vendor_redhat | 10.0 | CRITICAL