CVE-2009-4212 – krb: KDC integer overflows in AES and RC4 decryption routines (MITKRB5-SA-2009-004)
https://notcve.org/view.php?id=CVE-2009-4212
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. Múltiples vulnerabilidades de desbordamiento de entero en la funcionalidad de desencriptado AES y RC4 en la biblioteca crypto en MIT Kerberos 5 (también conocido comokrb5) v1.3 a la v1.6.3, y 1.7 anterior a v1.7.1, permite a atacantes remotos provocar una denegación de servición (caída de demonio) o posiblemente la ejecución de código de su elección facilitando texto cifrado (ciphertext) con un tamaño menor al válido. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html http://marc.info/?l=bugtraq&m=130497213107107&w=2 http://secunia.com/advisories/38080 http://secunia.com/advisories/38108 http://secunia.com/advisories/38126 http://secunia.com/advisories/38140 http://secunia.com/advisories/38184 http://secunia.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVE-2009-0847
https://notcve.org/view.php?id=CVE-2009-0847
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic. La función asnbuf_imbed en el decodificador ASN.1 en MIT Kerberos 5 (también conocido como krb5) v1.6.3 cuando se usa PK-INIT, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un valor length modificado que provoca una llamada malloc errónea, relativo a cálculo erróneos con punto aritmético. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://marc.info/?l=bugtraq&m=124896429301168&w=2 http://secunia.com/advisories/34594 http://secunia.com/advisories/34617 http://secunia.com/advisories/34622 http://secunia.com/advisories/34628 http://secunia.com/advisories/34637 http://secunia.com/advisories/34640 http://secunia.com/advisories/34734 http://secunia.com/advisories/35074 http://security.gentoo.org/glsa/glsa-200904-09.xml http://sun • CWE-189: Numeric Errors •
CVE-2009-0844 – krb5: buffer over-read in SPNEGO GSS-API mechanism (MITKRB5-SA-2009-001)
https://notcve.org/view.php?id=CVE-2009-0844
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. La función get_input_token en la implementación SPNEGO de MIT Kerberos 5 (también conocido como krb5) v1.5 hasta v1.6.3 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) y posiblemente obtener información sensible a través de un valor length modificado que dispara una sobrescritura del búfer. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/34594 http://secunia.com/advisories/34617 http://secunia.com/advisories/34622 http://secunia.com/advisories/34628 http://secunia.com/advisories/34630 http://secunia.com/advisories/34637 http://secunia.com/advisories/34640 http://secunia.com/advisories/34734 http://secunia.com/advisories/35074 http://security.gentoo.org/glsa/glsa-200904-09.xml http://sunsolve.sun.com/search • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-0845 – krb5: NULL pointer dereference in GSSAPI SPNEGO (MITKRB5-SA-2009-001)
https://notcve.org/view.php?id=CVE-2009-0845
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. La función spnego_gss_accept_sec_context en lib/gssapi/spnego/spnego_mech.c en MIT Kerberos 5 (conocido como krb5) v.1.6.3, cuando se utiliza SPNEGO, permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída de la aplicación) mediante datos "ContextFlags" inválidos en el campo "reqFlags" en el token negTokenInit. • http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/34347 http://secunia.com/advisories/34594 http://secunia.com/advisories/34617 http://secunia.com/advisories/34622 http://secunia.com/advisories/34628 http://secunia.com/advisories/34630 http://secunia.com/advisories/34637 http://secunia.com/advisories/34640 http://secunia.com/advisories/34734 http: • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •