- Home
- CVEs with nessus.description==The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities :
- An out-of-bounds read error exists in the MIT Kerberos SPNEGO implementation in the get_input_token() function.
A remote attacker can exploit this, via a crafted length value, to cause a denial of service or to obtain access to sensitive information. (CVE-2009-0844)
- A NULL pointer dereference flaw exists in MIT Kerberos in the spnego_gss_accept_sec_context() function when SPNEGO is used. A remote attacker can exploit this, via invalid ContextFlags data in the 'reqFlags' field within a 'negTokenInit' token, to cause a denial of service.
(CVE-2009-0845)
- A flaw exists in the MIT Kerberos ASN.1 GeneralizedTime decoder in the asn1_decode_generaltime() function. A remote attacker can exploit this, via vectors involving invalid DER encoding, to free an uninitialized pointer, resulting in a denial of service or the execution of arbitrary code. (CVE-2009-0846)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top