CVE-2009-0844

krb5: buffer over-read in SPNEGO GSS-API mechanism (MITKRB5-SA-2009-001)

Severity Score

9.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.

La función get_input_token en la implementación SPNEGO de MIT Kerberos 5 (también conocido como krb5) v1.5 hasta v1.6.3 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) y posiblemente obtener información sensible a través de un valor length modificado que dispara una sobrescritura del búfer.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-03-06 CVE Reserved
2009-04-09 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (41)

URL	Tag	Source
http://secunia.com/advisories/34594	Third Party Advisory
http://secunia.com/advisories/34617	Third Party Advisory
http://secunia.com/advisories/34622	Third Party Advisory
http://secunia.com/advisories/34628	Third Party Advisory
http://secunia.com/advisories/34630	Third Party Advisory
http://secunia.com/advisories/34637	Third Party Advisory
http://secunia.com/advisories/34640	Third Party Advisory
http://secunia.com/advisories/34734	Third Party Advisory
http://secunia.com/advisories/35074	Third Party Advisory
http://support.apple.com/kb/HT3549	X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm	X_refsource_confirm
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html	X_refsource_misc
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html	X_refsource_misc
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt	X_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2009-0058	X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058	X_refsource_misc
http://www-01.ibm.com/support/docview.wss?uid=swg21396120	X_refsource_confirm
http://www.kb.cert.org/vuls/id/662091	Third Party Advisory
http://www.securityfocus.com/archive/1/502526/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/502546/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/34408	Vdb Entry
http://www.securitytracker.com/id?1021867	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA09-133A.html	Third Party Advisory
http://www.vupen.com/english/advisories/2009/0960	Vdb Entry
http://www.vupen.com/english/advisories/2009/0976	Vdb Entry
http://www.vupen.com/english/advisories/2009/1057	Vdb Entry
http://www.vupen.com/english/advisories/2009/1106	Vdb Entry
http://www.vupen.com/english/advisories/2009/1297	Vdb Entry
http://www.vupen.com/english/advisories/2009/2248	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6339	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9474	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html	2020-01-21
http://security.gentoo.org/glsa/glsa-200904-09.xml	2020-01-21
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1	2020-01-21
http://www.mandriva.com/security/advisories?name=MDVSA-2009:098	2020-01-21
http://www.redhat.com/support/errata/RHSA-2009-0408.html	2020-01-21
http://www.ubuntu.com/usn/usn-755-1	2020-01-21
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html	2020-01-21
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html	2020-01-21
https://access.redhat.com/security/cve/CVE-2009-0844	2009-04-07
https://bugzilla.redhat.com/show_bug.cgi?id=491033	2009-04-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mit Search vendor "Mit"		Kerberos Search vendor "Mit" for product "Kerberos"				5-1.6.3 Search vendor "Mit" for product "Kerberos" and version "5-1.6.3"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				-		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.5 Search vendor "Mit" for product "Kerberos 5" and version "1.5"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.5.1 Search vendor "Mit" for product "Kerberos 5" and version "1.5.1"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.5.2 Search vendor "Mit" for product "Kerberos 5" and version "1.5.2"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.5.3 Search vendor "Mit" for product "Kerberos 5" and version "1.5.3"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.6 Search vendor "Mit" for product "Kerberos 5" and version "1.6"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.6.1 Search vendor "Mit" for product "Kerberos 5" and version "1.6.1"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.6.2 Search vendor "Mit" for product "Kerberos 5" and version "1.6.2"		-		Affected