CVE-2009-0845

krb5: NULL pointer dereference in GSSAPI SPNEGO (MITKRB5-SA-2009-001)

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.

La función spnego_gss_accept_sec_context en lib/gssapi/spnego/spnego_mech.c en MIT Kerberos 5 (conocido como krb5) v.1.6.3, cuando se utiliza SPNEGO, permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída de la aplicación) mediante datos "ContextFlags" inválidos en el campo "reqFlags" en el token negTokenInit.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-03-06 CVE Reserved
2009-03-27 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation
CWE-476: NULL Pointer Dereference

CAPEC

References (46)

URL	Tag	Source
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402	X_refsource_confirm
http://secunia.com/advisories/34594	Third Party Advisory
http://secunia.com/advisories/34617	Third Party Advisory
http://secunia.com/advisories/34622	Third Party Advisory
http://secunia.com/advisories/34628	Third Party Advisory
http://secunia.com/advisories/34630	Third Party Advisory
http://secunia.com/advisories/34637	Third Party Advisory
http://secunia.com/advisories/34640	Third Party Advisory
http://secunia.com/advisories/34734	Third Party Advisory
http://support.apple.com/kb/HT3549	X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm	X_refsource_confirm
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html	X_refsource_misc
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html	X_refsource_misc
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt	X_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2009-0058	X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058	X_refsource_misc
http://www-01.ibm.com/support/docview.wss?uid=swg21396120	X_refsource_confirm
http://www.kb.cert.org/vuls/id/662091	Third Party Advisory
http://www.securityfocus.com/archive/1/502526/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/502546/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/34257	Vdb Entry
http://www.securitytracker.com/id?1021867	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA09-133A.html	Third Party Advisory
http://www.vupen.com/english/advisories/2009/0976	Vdb Entry
http://www.vupen.com/english/advisories/2009/1057	Vdb Entry
http://www.vupen.com/english/advisories/2009/1106	Vdb Entry
http://www.vupen.com/english/advisories/2009/1297	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/49448	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10044	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6449	Signature

URL	Date	SRC
http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875&r2=22084	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html	2020-01-21
http://secunia.com/advisories/34347	2020-01-21
http://secunia.com/advisories/35074	2020-01-21
http://security.gentoo.org/glsa/glsa-200904-09.xml	2020-01-21
http://src.mit.edu/fisheye/changelog/krb5/?cs=22084	2020-01-21
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1	2020-01-21
http://www.mandriva.com/security/advisories?name=MDVSA-2009:082	2020-01-21
http://www.redhat.com/support/errata/RHSA-2009-0408.html	2020-01-21
http://www.ubuntu.com/usn/usn-755-1	2020-01-21
http://www.vupen.com/english/advisories/2009/0847	2020-01-21
http://www.vupen.com/english/advisories/2009/2248	2020-01-21
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html	2020-01-21
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html	2020-01-21
https://access.redhat.com/security/cve/CVE-2009-0845	2009-04-07
https://bugzilla.redhat.com/show_bug.cgi?id=490634	2009-04-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mit Search vendor "Mit"		Kerberos Search vendor "Mit" for product "Kerberos"				5-1.6.3 Search vendor "Mit" for product "Kerberos" and version "5-1.6.3"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.5 Search vendor "Mit" for product "Kerberos 5" and version "1.5"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.5.1 Search vendor "Mit" for product "Kerberos 5" and version "1.5.1"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.5.2 Search vendor "Mit" for product "Kerberos 5" and version "1.5.2"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.5.3 Search vendor "Mit" for product "Kerberos 5" and version "1.5.3"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.6 Search vendor "Mit" for product "Kerberos 5" and version "1.6"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.6.1 Search vendor "Mit" for product "Kerberos 5" and version "1.6.1"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.6.2 Search vendor "Mit" for product "Kerberos 5" and version "1.6.2"		-		Affected