Several vulnerabilities have been found in the MIT reference implementation
of Kerberos V5, a system for authenticating users and services on a network.
The Common Vulnerabilities and Exposures project identified the following
problems:

The Apple Product Security team discovered that the SPNEGO GSS-API mechanism
suffers from a missing bounds check when reading a network input buffer, which
results in an invalid read that crashes the application or possibly leaks
information (CVE-2009-0844).

Under certain conditions the SPNEGO GSS-API mechanism dereferences a null
pointer, which crashes the application using the library (CVE-2009-0845).

An incorrect length check inside the ASN.1 decoder of the MIT krb5
implementation allows an unauthenticated remote attacker to crash the kinit
or KDC program (CVE-2009-0847).

Under certain conditions the ASN.1 decoder of the MIT krb5 implementation
frees an uninitialized pointer, which could lead to denial of service and
possibly arbitrary code execution (CVE-2009-0846).
...
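The length-check class of bug named in CVE-2009-0844 and CVE-2009-0847 can be illustrated with a DER header reader that compares every declared length against the bytes actually received. This is an added example, not code from MIT krb5 or from the advisory; the function name der_read_tlv and the sample byte strings are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not MIT krb5 code: parse one DER tag-length-value
 * header from buf[0..len). Returns 0 and sets tag/val/vlen on success,
 * -1 if the encoding is unsupported or would read past the buffer. */
int der_read_tlv(const uint8_t *buf, size_t len,
                 uint8_t *tag, const uint8_t **val, size_t *vlen)
{
    size_t pos = 0, n = 0;

    *tag = 0;                    /* outputs are defined even on failure, */
    *val = NULL;                 /* so a caller never acts on garbage    */
    *vlen = 0;
    if (buf == NULL || len < 2)  /* need the tag and one length octet */
        return -1;
    *tag = buf[pos++];
    if ((*tag & 0x1f) == 0x1f)   /* multi-octet tags are not handled here */
        return -1;
    uint8_t first = buf[pos++];
    if (first < 0x80) {          /* short form: the octet is the length */
        n = first;
    } else {                     /* long form: low 7 bits count length octets */
        size_t count = first & 0x7f;
        if (count == 0 || count > sizeof(size_t))  /* indefinite or too wide */
            return -1;
        if (count > len - pos)   /* the length octets themselves must fit */
            return -1;
        while (count--)
            n = (n << 8) | buf[pos++];
    }
    if (n > len - pos)           /* compare by subtraction: pos + n could wrap */
        return -1;
    *val = buf + pos;
    *vlen = n;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a valid OCTET STRING, and one claiming 127 bytes. */
    const uint8_t ok[]  = { 0x04, 0x03, 'a', 'b', 'c' };
    const uint8_t bad[] = { 0x04, 0x7f, 'a', 'b', 'c' };
    uint8_t tag; const uint8_t *v; size_t vl;
    printf("ok=%d ", der_read_tlv(ok, sizeof ok, &tag, &v, &vl));
    printf("bad=%d\n", der_read_tlv(bad, sizeof bad, &tag, &v, &vl));
    return 0;
}
```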