CVE-2009-0847
Published 2009-04-09
Priority: P4 · 15 · medium · CVSS 2.0: 4.3 · AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 2.77% (84.5th percentile)
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.6.dfsg.4~beta1-13 (bookworm) | krb5 1.6.dfsg.4~beta1-13 (bookworm) |
| mit | kerberos | — | — |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-13 | 1.6.dfsg.4~beta1-13 |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-13 | 1.6.dfsg.4~beta1-13 |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-13 | 1.6.dfsg.4~beta1-13 |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-13 | 1.6.dfsg.4~beta1-13 |
CVSS provenance
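| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |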
Red Hat
krb5: incorrect length check inside ASN.1 decoder (MITKRB5-SA-2009-001)
vendor_redhat·2009-04-07·CVSS 4.3
CVE-2009-0847 [MEDIUM] CWE-130 krb5: incorrect length check inside ASN.1 decoder (MITKRB5-SA-2009-001)
Statement: Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2009-04-07
CVE-2009-0844 Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Kerberos vulnerabilities
Multiple flaws were discovered in the Kerberos GSS-API and ASN.1 routines
that did not correctly handle certain requests. An unauthenticated remote
attacker could send specially crafted traffic to crash services using
the Kerberos library, leading to a denial of service.
Instructions: After a standard system upgrade you need to restart any services using
the Kerberos libraries to effect the necessary changes.
Debian
CVE-2009-0847: krb5 - The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6...
vendor_debian·2009·CVSS 4.3
CVE-2009-0847 [MEDIUM] CVE-2009-0847: krb5 - The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6...
Scope: local
bookworm: resolved (fixed in 1.6.dfsg.4~beta1-13)
bullseye: resolved (fixed in 1.6.dfsg.4~beta1-13)
forky: resolved (fixed in 1.6.dfsg.4~beta1-13)
sid: resolved (fixed in 1.6.dfsg.4~beta1-13)
trixie: resolved (fixed in 1.6.dfsg.4~beta1-13)
GHSA
GHSA-ph4p-rhxr-85rq: The asn1buf_imbed function in the ASN
ghsa_unreviewed·2022-05-02
CVE-2009-0847 [MEDIUM] GHSA-ph4p-rhxr-85rq: The asn1buf_imbed function in the ASN
OSV
CVE-2009-0847: The asn1buf_imbed function in the ASN
osv·2009-04-09·CVSS 4.3
CVE-2009-0847 [MEDIUM] CVE-2009-0847: The asn1buf_imbed function in the ASN
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-0847 krb5: incorrect length check inside ASN.1 decoder (MITKRB5-SA-2009-001)
bugzilla·2009-03-19·CVSS 10.0
CVE-2009-0847 [CRITICAL] CVE-2009-0847 krb5: incorrect length check inside ASN.1 decoder (MITKRB5-SA-2009-001)
MIT krb5 can perform an incorrect length check inside an ASN.1
decoder. This only presents a problem in the PK-INIT code paths. In
the MIT krb5 KDC or kinit program, this could lead to spurious
malloc() failures or, under some conditions, program crash. We have
heard reports of the spurious malloc() failures, but nobody has yet
publicly made the connection to a security issue.
Discussion:
This issue only affects krb5 1.6.3+. Prior releases contained the vulnerable code, but the vulnerability is masked due to operations performed by other code, so this does not affect Red Hat Enterprise Linux 2.1, 3, 4, or 5.
---
Public now via:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt
Bugzilla
CVE-2009-0844 krb5: buffer over-read in SPNEGO GSS-API mechanism (MITKRB5-SA-2009-001)
bugzilla·2009-03-19·CVSS 5.8
CVE-2009-0844 [MEDIUM] CVE-2009-0844 krb5: buffer over-read in SPNEGO GSS-API mechanism (MITKRB5-SA-2009-001)
The MIT krb5 implementation of the SPNEGO GSS-API mechanism can read
beyond the end of a network input buffer. This can cause a GSS-API
application to crash by reading from invalid address space. Under
theoretically possible but very unlikely conditions, a small
information leak may occur. We believe that no successful exploit
exists that could induce an information leak.
Discussion:
The affected code is not in versions older than krb5 1.5, so only RHEL5 is affected (krb5 1.3.4 is in RHEL4).
---
Created attachment 335792
patch to fix MITKRB5-SA-2009-001 issues (CVE-2009-{0844,0845,0847})
This patch corrects CVE-2009-0844, CVE-2009-0845, and CVE-2009-0846. Provided by upstream.
---
CVE-2009-0845 wa