Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2009-0845

Disclosure Date: March 27, 2009
CVE-2009-0845
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2009-0845 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845)
BID-34257 (http://www.securityfocus.com/bid/34257)
Advisory
20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847] (http://www.securityfocus.com/archive/1/502526/100/0/threaded)
VU#662091 (http://www.kb.cert.org/vuls/id/662091)
ADV-2009-0847 (http://www.vupen.com/english/advisories/2009/0847)
SECUNIA-34347 (http://secunia.com/advisories/34347)
http://support.apple.com/kb/HT3549
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm
http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875&r2=22084
http://www.redhat.com/support/errata/RHSA-2009-0408.html
SECUNIA-34637 (http://secunia.com/advisories/34637)
SECUNIA-34640 (http://secunia.com/advisories/34640)
SECUNIA-35074 (http://secunia.com/advisories/35074)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:082
SUNALERT-256728 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1)
GLSA-200904-09 (http://security.gentoo.org/glsa/glsa-200904-09.xml)
ADV-2009-0976 (http://www.vupen.com/english/advisories/2009/0976)
APPLE-SA-2009-05-12 (http://lists.apple.com/archives/security-announce/2009/May/msg00002.html)
USN-755-1 (http://www.ubuntu.com/usn/usn-755-1)
SECUNIA-34630 (http://secunia.com/advisories/34630)
http://www-01.ibm.com/support/docview.wss?uid=swg21396120
ADV-2009-1057 (http://www.vupen.com/english/advisories/2009/1057)
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt
SECUNIA-34617 (http://secunia.com/advisories/34617)
SECUNIA-34628 (http://secunia.com/advisories/34628)
SECUNIA-34734 (http://secunia.com/advisories/34734)
XF-kerberos-spnego-dos(49448) (https://exchange.xforce.ibmcloud.com/vulnerabilities/49448)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6449
ADV-2009-2248 (http://www.vupen.com/english/advisories/2009/2248)
TA09-133A (http://www.us-cert.gov/cas/techalerts/TA09-133A.html)
ADV-2009-1297 (http://www.vupen.com/english/advisories/2009/1297)
SECUNIA-34622 (http://secunia.com/advisories/34622)
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402
FEDORA-2009-2852 (https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html)
SECTRACK-1021867 (http://www.securitytracker.com/id?1021867)
FEDORA-2009-2834 (https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html)
http://wiki.rpath.com/Advisories:rPSA-2009-0058
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10044
http://src.mit.edu/fisheye/changelog/krb5?cs=22084
20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation (http://www.securityfocus.com/archive/1/502546/100/0/threaded)
SECUNIA-34594 (http://secunia.com/advisories/34594)
ADV-2009-1106 (http://www.vupen.com/english/advisories/2009/1106)
Miscellaneous
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis