CVE-2009-4212
published 2010-01-13
CVE-2009-4212: Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7…
Priority: P3 · 43 · critical · CVSS 2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 7.41% (93.7th percentile)
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
Affected
26 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.8+dfsg~alpha1-1 (bookworm) | krb5 1.8+dfsg~alpha1-1 (bookworm) |
| mit | kerberos | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.8+dfsg~alpha1-1 | 1.8+dfsg~alpha1-1 |
| mit | krb5 | >= 0 < 1.8+dfsg~alpha1-1 | 1.8+dfsg~alpha1-1 |
| mit | krb5 | >= 0 < 1.8+dfsg~alpha1-1 | 1.8+dfsg~alpha1-1 |
CVSS provenance
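| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 10.0 | CRITICAL | |
| vendor_debian | | 10.0 | CRITICAL | |
| vendor_redhat | | 10.0 | CRITICAL | |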
GHSA
GHSA-39cv-j24w-8wvf: Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1
ghsa_unreviewed·2022-05-02
CVE-2009-4212 [HIGH] GHSA-39cv-j24w-8wvf: Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
OSV
CVE-2009-4212: Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1
osv·2010-01-13·CVSS 10.0
CVE-2009-4212 [CRITICAL] CVE-2009-4212: Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
Ubuntu
Kerberos vulnerability
vendor_ubuntu·2010-01-12
CVE-2009-4212 Kerberos vulnerability
Title: Kerberos vulnerability
Summary: Kerberos vulnerability
It was discovered that Kerberos did not correctly handle invalid AES
blocks. An unauthenticated remote attacker could send specially crafted
traffic that would crash the KDC service, leading to a denial of service,
or possibly execute arbitrary code with root privileges.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
krb: KDC integer overflows in AES and RC4 decryption routines (MITKRB5-SA-2009-004)
vendor_redhat·2010-01-12·CVSS 10.0
CVE-2009-4212 [CRITICAL] CWE-190 krb: KDC integer overflows in AES and RC4 decryption routines (MITKRB5-SA-2009-004)
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
Debian
CVE-2009-4212: krb5 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality ...
vendor_debian·2009·CVSS 10.0
CVE-2009-4212 [CRITICAL] CVE-2009-4212: krb5 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality ...
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
Scope: local
bookworm: resolved (fixed in 1.8+dfsg~alpha1-1)
bullseye: resolved (fixed in 1.8+dfsg~alpha1-1)
forky: resolved (fixed in 1.8+dfsg~alpha1-1)
sid: resolved (fixed in 1.8+dfsg~alpha1-1)
trixie: resolved (fixed in 1.8+dfsg~alpha1-1)
No detection rules found.
No public exploits indexed.
References
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html
http://marc.info/?l=bugtraq&m=130497213107107&w=2
http://secunia.com/advisories/38080
http://secunia.com/advisories/38108
http://secunia.com/advisories/38126
http://secunia.com/advisories/38140
http://secunia.com/advisories/38184
http://secunia.com/advisories/38203
http://secunia.com/advisories/38696
http://secunia.com/advisories/40220
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1
http://support.apple.com/kb/HT4188
http://support.avaya.com/css/P8/documents/100074869
http://ubuntu.com/usn/usn-881-1
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt
http://www.debian.org/security/2010/dsa-1969
http://www.mandriva.com/security/advisories?name=MDVSA-2010:006
http://www.securityfocus.com/bid/37749
http://www.securitytracker.com/id?1023440
http://www.vupen.com/english/advisories/2010/0096
http://www.vupen.com/english/advisories/2010/0129
http://www.vupen.com/english/advisories/2010/1481
https://bugzilla.redhat.com/show_bug.cgi?id=545015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192
https://rhn.redhat.com/errata/RHSA-2010-0029.html
https://rhn.redhat.com/errata/RHSA-2010-0095.html
Published: 2010-01-13