NVD

Id
48159  
Name
CVE-2009-0844  
Description
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.  
Reject
 
CVSS Version
2  
CVSS Score
5.8  
Severity
Medium  
CVSS Base Score
5.8  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:N/A:P)  
Pub Date
2017-01-07  
Published
2009-04-08  
Modified Date
2010-08-21  
Seq
2009-0844  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
241914 48159 CVE-2009-0844 APPLE-SA-2009-05-12  View
241915 48159 CVE-2009-0844 oval:org.mitre.oval:def:6339  View
241916 48159 CVE-2009-0844 oval:org.mitre.oval:def:9474  View
241917 48159 CVE-2009-0844 GLSA-200904-09  View
241918 48159 CVE-2009-0844 256728  View
241919 48159 CVE-2009-0844 http://support.apple.com/kb/HT3549  View
241920 48159 CVE-2009-0844 http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm  View
241921 48159 CVE-2009-0844 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html  View
241922 48159 CVE-2009-0844 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html  View
241923 48159 CVE-2009-0844 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt  View
241924 48159 CVE-2009-0844 http://wiki.rpath.com/Advisories:rPSA-2009-0058  View
241925 48159 CVE-2009-0844 http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058  View
241926 48159 CVE-2009-0844 http://www-01.ibm.com/support/docview.wss?uid=swg21396120  View
241927 48159 CVE-2009-0844 VU#662091  View
241928 48159 CVE-2009-0844 MDVSA-2009:098  View
241929 48159 CVE-2009-0844 RHSA-2009:0408  View
241930 48159 CVE-2009-0844 20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]  View
241931 48159 CVE-2009-0844 20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation  View
241932 48159 CVE-2009-0844 34408  View
241933 48159 CVE-2009-0844 1021867  View
241934 48159 CVE-2009-0844 USN-755-1  View
241935 48159 CVE-2009-0844 TA09-133A  View
241936 48159 CVE-2009-0844 ADV-2009-0960  View
241937 48159 CVE-2009-0844 ADV-2009-0976  View
241938 48159 CVE-2009-0844 ADV-2009-1057  View
241939 48159 CVE-2009-0844 ADV-2009-1106  View
241940 48159 CVE-2009-0844 ADV-2009-1297  View
241941 48159 CVE-2009-0844 ADV-2009-2248  View
241942 48159 CVE-2009-0844 FEDORA-2009-2834  View
241943 48159 CVE-2009-0844 FEDORA-2009-2852  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
40182 JVNDB-2009-001188 MIT Kerberos の SPNEGO 実装におけるサービス運用妨害 (DoS) の脆弱性 MIT Kerberos の SPNEGO 実装にある get_input_token 関数には、length 値の処理に不備があるため、サービス運用妨害 (DoS) 状態となる、および重要な情報を取得される脆弱性が存在します。 CVE-2009-0844 38275 CVE-2009-0844 48159 5.8 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001188.html 2009-04-07 2010-12-07 View