ID CVE-2009-4212
Summary Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
References
Vulnerable Configurations
  • MIT Kerberos 5 1.3
    cpe:2.3:a:mit:kerberos:5-1.3
  • MIT Kerberos 5 1.3.1
    cpe:2.3:a:mit:kerberos:5-1.3.1
  • MIT Kerberos 5 1.3.2
    cpe:2.3:a:mit:kerberos:5-1.3.2
  • MIT Kerberos 5 1.3.3
    cpe:2.3:a:mit:kerberos:5-1.3.3
  • MIT Kerberos 5 1.3.4
    cpe:2.3:a:mit:kerberos:5-1.3.4
  • MIT Kerberos 5 1.3.5
    cpe:2.3:a:mit:kerberos:5-1.3.5
  • MIT Kerberos 5 1.3.6
    cpe:2.3:a:mit:kerberos:5-1.3.6
  • MIT Kerberos 5 1.4
    cpe:2.3:a:mit:kerberos:5-1.4
  • MIT Kerberos 5 1.4.1
    cpe:2.3:a:mit:kerberos:5-1.4.1
  • MIT Kerberos 5 1.4.2
    cpe:2.3:a:mit:kerberos:5-1.4.2
  • MIT Kerberos 5 1.4.3
    cpe:2.3:a:mit:kerberos:5-1.4.3
  • MIT Kerberos 5 1.4.4
    cpe:2.3:a:mit:kerberos:5-1.4.4
  • MIT Kerberos 5 1.5
    cpe:2.3:a:mit:kerberos:5-1.5
  • MIT Kerberos 5 1.5.1
    cpe:2.3:a:mit:kerberos:5-1.5.1
  • MIT Kerberos 5 1.5.2
    cpe:2.3:a:mit:kerberos:5-1.5.2
  • MIT Kerberos 5 1.5.3
    cpe:2.3:a:mit:kerberos:5-1.5.3
  • MIT Kerberos 5 1.6
    cpe:2.3:a:mit:kerberos:5-1.6
  • MIT Kerberos 5 1.6.1
    cpe:2.3:a:mit:kerberos:5-1.6.1
  • MIT Kerberos 5 1.6.2
    cpe:2.3:a:mit:kerberos:5-1.6.2
  • MIT Kerberos 5 1.6.3
    cpe:2.3:a:mit:kerberos:5-1.6.3
  • MIT Kerberos 5 1.7
    cpe:2.3:a:mit:kerberos:5-1.7
CVSS
Base: 10.0 (as of 14-01-2010 - 08:36)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2010-004.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-004 applied. This security update contains fixes for the following components : - CUPS - DesktopServices - Flash Player plug-in - Folder Manager - iChat - ImageIO - Kerberos - Kernel - libcurl - Network Authorization - Ruby - SMB File Server - SquirrelMail - Wiki Server
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 47024
    published 2010-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47024
    title Mac OS X Multiple Vulnerabilities (Security Update 2010-004)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_KRB5-100113.NASL
    description Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer overflow that leads to heap memory corruption (CVE-2009-4212).
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44088
    published 2010-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44088
    title openSUSE Security Update : krb5 (krb5-1795)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201201-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-201201-13 (MIT Kerberos 5: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code with the privileges of the administration daemon or the Key Distribution Center (KDC) daemon, cause a Denial of Service condition, or possibly obtain sensitive information. Furthermore, a remote attacker may be able to spoof Kerberos authorization, modify KDC responses, forge user data messages, forge tokens, forge signatures, impersonate a client, modify user-visible prompt text, or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 57655
    published 2012-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57655
    title GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KRB5-100113.NASL
    description Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer underflow that leads to heap memory corruption (CVE-2009-4212). This has been fixed.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44092
    published 2010-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44092
    title SuSE 11 Security Update : Kerberos 5 (SAT Patch Number 1796)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_KRB5-100113.NASL
    description Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer overflow that leads to heap memory corruption (CVE-2009-4212).
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44086
    published 2010-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44086
    title openSUSE Security Update : krb5 (krb5-1795)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_4.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.4. Mac OS X 10.6.4 contains security fixes for the following components : - CUPS - DesktopServices - Flash Player plug-in - Folder Manager - Help Viewer - iChat - ImageIO - Kerberos - Kernel - libcurl - Network Authorization - Open Directory - Printer Setup - Printing - Ruby - SMB File Server - SquirrelMail - Wiki Server
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 47023
    published 2010-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47023
    title Mac OS X 10.6.x < 10.6.4 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-0503.NASL
    description This update incorporates fixes from upstream which correct integer underflow problems in the AES and RC4 decryption routines (CVE-2009-4212). It also corrects a failure in 'kdb5_util load' which could occur when the database files being created did not previously exist. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47187
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47187
    title Fedora 12 : krb5-1.7-18.fc12 (2010-0503)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KRB5-6776.NASL
    description Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer overflow that leads to heap memory corruption (CVE-2009-4212). This has been fixed.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 49875
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49875
    title SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 6776)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0029.NASL
    description From Red Hat Security Advisory 2010:0029 : Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat Enterprise Linux 4.7, 5.2, and 5.3 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC). Multiple integer underflow flaws, leading to heap-based corruption, were found in the way the MIT Kerberos Key Distribution Center (KDC) decrypted ciphertexts encrypted with the Advanced Encryption Standard (AES) and ARCFOUR (RC4) encryption algorithms. If a remote KDC client were able to provide a specially crafted AES- or RC4-encrypted ciphertext or texts, it could potentially lead to either a denial of service of the central KDC (KDC crash or abort upon processing the crafted ciphertext), or arbitrary code execution with the privileges of the KDC (i.e., root privileges). (CVE-2009-4212) All krb5 users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running services using the MIT Kerberos libraries must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2016-05-06
    plugin id 67984
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67984
    title Oracle Linux 3 / 4 / 5 : krb5 (ELSA-2010-0029)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0016.NASL
    description a. Service Console OS update for COS kernel This patch updates the service console kernel to fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0415, CVE-2010-0307, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1437, and CVE-2010-1088 to these issues. b. Likewise package updates Updates to the likewisekrb5, likewiseopenldap, likewiseopen, and pamkrb5 packages address several security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-4212, and CVE-2010-1321 to these issues.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 50611
    published 2010-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50611
    title VMSA-2010-0016 : VMware ESXi and ESX third-party updates for Service Console and Likewise components
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_KRB5-100113.NASL
    description Specially crafted ticket requests could crash the kerberos server (CVE-2009-3295). Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer underflow that leads to heap memory corruption (CVE-2009-4212).
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44090
    published 2010-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44090
    title openSUSE Security Update : krb5 (krb5-1792)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-0515.NASL
    description This update incorporates fixes from upstream which correct integer underflow problems in the AES and RC4 decryption routines (CVE-2009-4212). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47188
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47188
    title Fedora 11 : krb5-1.6.3-23.fc11 (2010-0515)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100112_KRB5_ON_SL3_X.NASL
    description CVE-2009-4212 krb: KDC integer overflows in AES and RC4 decryption routines (MITKRB5-SA-2009-004) Multiple integer underflow flaws, leading to heap-based corruption, were found in the way the MIT Kerberos Key Distribution Center (KDC) decrypted ciphertexts encrypted with the Advanced Encryption Standard (AES) and ARCFOUR (RC4) encryption algorithms. If a remote KDC client were able to provide a specially crafted AES- or RC4-encrypted ciphertext or texts, it could potentially lead to either a denial of service of the central KDC (KDC crash or abort upon processing the crafted ciphertext), or arbitrary code execution with the privileges of the KDC (i.e., root privileges). (CVE-2009-4212) All running services using the MIT Kerberos libraries must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60721
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60721
    title Scientific Linux Security Update : krb5 on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0029.NASL
    description Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat Enterprise Linux 4.7, 5.2, and 5.3 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC). Multiple integer underflow flaws, leading to heap-based corruption, were found in the way the MIT Kerberos Key Distribution Center (KDC) decrypted ciphertexts encrypted with the Advanced Encryption Standard (AES) and ARCFOUR (RC4) encryption algorithms. If a remote KDC client were able to provide a specially crafted AES- or RC4-encrypted ciphertext or texts, it could potentially lead to either a denial of service of the central KDC (KDC crash or abort upon processing the crafted ciphertext), or arbitrary code execution with the privileges of the KDC (i.e., root privileges). (CVE-2009-4212) All krb5 users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running services using the MIT Kerberos libraries must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43866
    published 2010-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43866
    title CentOS 3 / 4 / 5 : krb5 (CESA-2010:0029)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KRB5-6775.NASL
    description Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer overflow that leads to heap memory corruption (CVE-2009-4212). This has been fixed.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 44093
    published 2010-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44093
    title SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 6775)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-006.NASL
    description A vulnerability has been found and corrected in krb5 : Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid (CVE-2009-4212). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 43881
    published 2010-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43881
    title Mandriva Linux Security Advisory : krb5 (MDVSA-2010:006)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0009_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - libpng - VMnc Codec - vmrun - VMware Remote Console (VMrc) - VMware Tools - vmware-authd
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89740
    published 2016-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89740
    title VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2011-0015.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix for (CVE-2011-4862) - incorporate a fix to teach the file labeling bits about when replay caches are expunged (#712453) - rebuild - ftp: handle larger command inputs (#665833) - don't bail halfway through an unlock operation when the result will be discarded and the end-result not cleaned up (Martin Osvald, #586032) - add a versioned dependency between krb5-server-ldap and krb5-libs (internal tooling) - don't discard the error code from an error message received in response to a change-password request (#658871, RT#6893) - ftpd: add patch from Jatin Nansi to correctly match restrict lines in /etc/ftpusers (#644215, RT#6889) - ftp: add modified patch from Rogan Kyuseok Lee to report the number of bytes transferred correctly when transferring large files on 32-bit systems (#648404) - backport fix for RT#6514: memory leak freeing rcache type none (#678205) - add upstream patch to fix hang or crash in the KDC when using the LDAP kdb backend (CVE-2011-0281, CVE-2011-0282, #671097) - incorporate upstream patch for checksum acceptance issues from MITKRB5-SA-2010-007 (CVE-2010-1323, #652308) - backport a fix to the previous change (#539423) - backport the k5login_directory and k5login_authoritative settings (#539423) - krshd: don't limit user names to 16 chars when utmp can handle names at least a bit longer than that (#611713) - fix a logic bug in computing key expiration times (RT#6762, #627038) - correct the post-rotate scriptlet in the kadmind logrotate config (more of #462658) - ftpd: backport changes to modify behavior to match telnetd, rshd, rlogind and accept GSSAPI auth to any service for which we have a matching key (#538075) - pull in fix for RT#5551 to treat the referral realm when seen in a ticket as though it were the local realm (#498554, also very likely #450122) - add aes256-cts:normal and aes128-cts:normal to the list of keysalts in the default kdc.conf (part of #565941) - add a note to kdc.conf(5) pointing to the admin guide for the list of recognized key and salt types (the rest of #565941) - add logrotate configuration files for krb5kdc and kadmind (#462658) - libgssapi: backport patch from svn to stop returning context-expired errors when the ticket which was used to set up the context expires (#605367, upstream #6739) - enable building the -server-ldap subpackage (#514362) - stop caring about the endianness of stash files (#514741), which will be replaced by proper keytab files in later releases - don't crash in krb5_get_init_creds_password if the passed-in options struct is NULL and the client's keys have expired (#555875) - ksu: perform PAM account and session management before dropping privileges to those of the target user (#540769 and #596887, respectively) - add candidate patch to correct libgssapi null pointer dereference which could be triggered by malformed client requests (CVE-2010-1321, #583704) - fix a null pointer dereference and crash introduced in our PAM patch that would happen if ftpd was given the name of a user who wasn't known to the local system, limited to being triggerable by gssapi-authenticated clients by the default xinetd config (Olivier Fourdan, #569472) - add upstream patch to fix a few use-after-free bugs, including one in kadmind (CVE-2010-0629, #578186) - merge patch to correct KDC integer overflows which could be triggered by malformed RC4 and AES ciphertexts (CVE-2009-4212, #546348) - pull changes to libkrb5 to properly handle and chase off-path referrals back from 1.7 (#546538) - add an auth stack to ksu's PAM configuration so that it can successfully pam_setcred - also set PAM_RUSER in ksu for completeness (#479071+#477033) - fix various typos, except for bits pertaining to licensing (#499190) - kdb5_util: when renaming a database, if the new name's associated lock files don't exist, go ahead and create them (#442879) - ksu: perform PAM account and session management for the target user; authentication is still performed as before (#477033) - fix typo in ksu's reporting of errors getting credentials (#462890) - kadmind.init: stop setting up a keytab, as kadmind's been able to use the database directly for a while now (#473151) - pull up patch to set PAM_RHOST (James Leddy, #479071)
    last seen 2019-02-21
    modified 2018-11-05
    plugin id 79475
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79475
    title OracleVM 2.2 : krb5 (OVMSA-2011-0015)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-881-1.NASL
    description It was discovered that Kerberos did not correctly handle invalid AES blocks. An unauthenticated remote attacker could send specially crafted traffic that would crash the KDC service, leading to a denial of service, or possibly execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 43874
    published 2010-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43874
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : krb5 vulnerability (USN-881-1)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0009.NASL
    description a. Service Console update for COS kernel Updated COS package 'kernel' addresses the security issues that are fixed through versions 2.6.18-164.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-164.6.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to the security issues fixed in kernel 2.6.18-164.11.1. b. ESXi userworld update for ntp The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source. A vulnerability in ntpd could allow a remote attacker to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3563 to this issue. c. Service Console package openssl updated to 0.9.8e-12.el5_4.1 OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-strength cryptography world-wide. A memory leak in the zlib could allow a remote attacker to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4355 to this issue. A vulnerability was discovered which may allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2409 to this issue. This update also includes security fixes that were first addressed in version openssl-0.9.8e-12.el5.i386.rpm. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387 to these issues. d. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to 2.2.14-15. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Multiple integer underflows in the AES and RC4 functionality in the crypto library could allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4212 to this issue. The service console package for pam_krb5 is updated to version pam_krb5-2.2.14-15. This update fixes a flaw found in pam_krb5. In some non-default configurations (specifically, where pam_krb5 would be the first module to prompt for a password), a remote attacker could use this flaw to recognize valid usernames, which would aid a dictionary-based password guess attack. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1384 to this issue. e. Service Console package bind updated to 9.3.6-4.P1.el5_4.2 BIND (Berkeley Internet Name Daemon) is by far the most widely used Domain Name System (DNS) software on the Internet. A vulnerability was discovered which could allow a remote attacker to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0097 to this issue. A vulnerability was discovered which could allow remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains CNAME or DNAME records, which do not have the intended validation before caching. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0290 to this issue. A vulnerability was found in the way that bind handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which could allow remote attackers to have an unspecified impact via a crafted response. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0382 to this issue. NOTE: ESX does not use the BIND name service daemon by default. f. Service Console package gcc updated to 3.2.3-60 The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Java, and Ada, as well as libraries for these languages. GNU Libtool's ltdl.c attempts to open .la library files in the current working directory. This could allow a local user to gain privileges via a Trojan horse file. The GNU C Compiler collection (gcc) provided in ESX contains a statically linked version of the vulnerable code, and is being replaced. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3736 to this issue. g. Service Console package gzip update to 1.3.3-15.rhel3 gzip is a software application used for file compression. An integer underflow in gzip's unlzw function on 64-bit platforms may allow a remote attacker to trigger an array index error leading to a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW compressed file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0001 to this issue. h. Service Console package sudo updated to 1.6.9p17-6.el5_4 Sudo (su 'do') allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. When a pseudo-command is enabled, sudo permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0426 to this issue. When the runas_default option is used, sudo does not properly set group memberships, which allows local users to gain privileges via a sudo command. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0427 to this issue.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 46765
    published 2010-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46765
    title VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0029.NASL
    description Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat Enterprise Linux 4.7, 5.2, and 5.3 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC). Multiple integer underflow flaws, leading to heap-based corruption, were found in the way the MIT Kerberos Key Distribution Center (KDC) decrypted ciphertexts encrypted with the Advanced Encryption Standard (AES) and ARCFOUR (RC4) encryption algorithms. If a remote KDC client were able to provide a specially crafted AES- or RC4-encrypted ciphertext or texts, it could potentially lead to either a denial of service of the central KDC (KDC crash or abort upon processing the crafted ciphertext), or arbitrary code execution with the privileges of the KDC (i.e., root privileges). (CVE-2009-4212) All krb5 users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running services using the MIT Kerberos libraries must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 43868
    published 2010-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43868
    title RHEL 3 / 4 / 5 : krb5 (RHSA-2010:0029)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1969.NASL
    description It was discovered that krb5, a system for authenticating users and services on a network, is prone to integer underflow in the AES and RC4 decryption operations of the crypto library. A remote attacker can cause crashes, heap corruption, or, under extraordinarily unlikely conditions, arbitrary code execution.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44834
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44834
    title Debian DSA-1969-1 : krb5 - integer underflow
oval via4
  • accepted 2013-04-29T04:12:50.141-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
    family unix
    id oval:org.mitre.oval:def:11272
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
    version 24
  • accepted 2014-01-20T04:01:34.127-05:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    • comment VMware ESX Server 4.0 is installed
      oval oval:org.mitre.oval:def:6293
    description Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
    family unix
    id oval:org.mitre.oval:def:7357
    status accepted
    submitted 2010-06-01T17:30:00.000-05:00
    title MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities
    version 8
  • accepted 2010-06-07T04:01:00.525-04:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    definition_extensions
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
    family unix
    id oval:org.mitre.oval:def:8192
    status accepted
    submitted 2010-03-22T14:26:56.000-04:00
    title Integer Overflow Security Vulnerability in AES and RC4 Decryption in the Solaris Kerberos Crypto Library May Lead to Execution of Arbitrary Code or a Denial of Service (DoS)
    version 32
redhat via4
advisories
  • bugzilla
    id 545015
    title CVE-2009-4212 krb: KDC integer overflows in AES and RC4 decryption routines (MITKRB5-SA-2009-004)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhsa:tst:20060015001
      • OR
        • AND
          • comment krb5-devel is earlier than 0:1.2.7-71
            oval oval:com.redhat.rhsa:tst:20100029004
          • comment krb5-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095007
        • AND
          • comment krb5-libs is earlier than 0:1.2.7-71
            oval oval:com.redhat.rhsa:tst:20100029002
          • comment krb5-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095003
        • AND
          • comment krb5-server is earlier than 0:1.2.7-71
            oval oval:com.redhat.rhsa:tst:20100029006
          • comment krb5-server is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095009
        • AND
          • comment krb5-workstation is earlier than 0:1.2.7-71
            oval oval:com.redhat.rhsa:tst:20100029008
          • comment krb5-workstation is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095005
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment krb5-devel is earlier than 0:1.3.4-62.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100029014
          • comment krb5-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095007
        • AND
          • comment krb5-libs is earlier than 0:1.3.4-62.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100029012
          • comment krb5-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095003
        • AND
          • comment krb5-server is earlier than 0:1.3.4-62.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100029013
          • comment krb5-server is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095009
        • AND
          • comment krb5-workstation is earlier than 0:1.3.4-62.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100029011
          • comment krb5-workstation is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095005
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment krb5-devel is earlier than 0:1.6.1-36.el5_4.1
            oval oval:com.redhat.rhsa:tst:20100029016
          • comment krb5-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070095021
        • AND
          • comment krb5-libs is earlier than 0:1.6.1-36.el5_4.1
            oval oval:com.redhat.rhsa:tst:20100029018
          • comment krb5-libs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070095019
        • AND
          • comment krb5-server is earlier than 0:1.6.1-36.el5_4.1
            oval oval:com.redhat.rhsa:tst:20100029022
          • comment krb5-server is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070095023
        • AND
          • comment krb5-workstation is earlier than 0:1.6.1-36.el5_4.1
            oval oval:com.redhat.rhsa:tst:20100029020
          • comment krb5-workstation is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070095017
    rhsa
    id RHSA-2010:0029
    released 2010-01-12
    severity Critical
    title RHSA-2010:0029: krb5 security update (Critical)
  • rhsa
    id RHSA-2010:0095
rpms
  • krb5-devel-0:1.2.7-71
  • krb5-libs-0:1.2.7-71
  • krb5-server-0:1.2.7-71
  • krb5-workstation-0:1.2.7-71
  • krb5-devel-0:1.3.4-62.el4_8.1
  • krb5-libs-0:1.3.4-62.el4_8.1
  • krb5-server-0:1.3.4-62.el4_8.1
  • krb5-workstation-0:1.3.4-62.el4_8.1
  • krb5-devel-0:1.6.1-36.el5_4.1
  • krb5-libs-0:1.6.1-36.el5_4.1
  • krb5-server-0:1.6.1-36.el5_4.1
  • krb5-workstation-0:1.6.1-36.el5_4.1
refmap via4
apple APPLE-SA-2010-06-15-1
bid 37749
confirm
debian DSA-1969
fedora
  • FEDORA-2010-0503
  • FEDORA-2010-0515
hp
  • HPSBOV02682
  • SSRT100495
mandriva MDVSA-2010:006
sectrack 1023440
secunia
  • 38080
  • 38108
  • 38126
  • 38140
  • 38184
  • 38203
  • 38696
  • 40220
sunalert
  • 1021779
  • 275530
ubuntu USN-881-1
vupen
  • ADV-2010-0096
  • ADV-2010-0129
  • ADV-2010-1481
Last major update 06-09-2011 - 23:03
Published 13-01-2010 - 14:30
Last modified 18-09-2017 - 21:29