Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2009-4212

Disclosure Date: January 13, 2010 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

mit

Products

kerberos 5 1.3,
kerberos 5 1.3.1,
kerberos 5 1.3.2,
kerberos 5 1.3.3,
kerberos 5 1.3.4,
kerberos 5 1.3.5,
kerberos 5 1.3.6,
kerberos 5 1.4,
kerberos 5 1.4.1,
kerberos 5 1.4.2,
kerberos 5 1.4.3,
kerberos 5 1.4.4,
kerberos 5 1.5,
kerberos 5 1.5.1,
kerberos 5 1.5.2,
kerberos 5 1.5.3,
kerberos 5 1.6,
kerberos 5 1.6.1,
kerberos 5 1.6.2,
kerberos 5 1.7,
kerberos 5-1.6.3

References

Canonical

CVE-2009-4212 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212)

BID-37749 (http://www.securityfocus.com/bid/37749)

Advisory

APPLE-SA-2010-06-15-1 (http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html)

SECUNIA-38140 (http://secunia.com/advisories/38140)

ADV-2010-0096 (http://www.vupen.com/english/advisories/2010/0096)

http://support.avaya.com/css/P8/documents/100074869

SECUNIA-38126 (http://secunia.com/advisories/38126)

DSA-1969 (http://www.debian.org/security/2010/dsa-1969)

ADV-2010-1481 (http://www.vupen.com/english/advisories/2010/1481)

USN-881-1 (http://ubuntu.com/usn/usn-881-1)

SSRT100495 (http://marc.info?l=bugtraq&m=130497213107107&w=2)

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt

FEDORA-2010-0503 (http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html)

http://www.mandriva.com/security/advisories?name=MDVSA-2010:006

SECTRACK-1023440 (http://www.securitytracker.com/id?1023440)

SECUNIA-38080 (http://secunia.com/advisories/38080)

SUNALERT-275530 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1)

SUNALERT-1021779 (http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192

SECUNIA-38203 (http://secunia.com/advisories/38203)

https://bugzilla.redhat.com/show_bug.cgi?id=545015

FEDORA-2010-0515 (http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html)

http://support.apple.com/kb/HT4188

SECUNIA-40220 (http://secunia.com/advisories/40220)

SECUNIA-38108 (http://secunia.com/advisories/38108)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272

https://rhn.redhat.com/errata/RHSA-2010-0029.html

https://rhn.redhat.com/errata/RHSA-2010-0095.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357

SECUNIA-38696 (http://secunia.com/advisories/38696)

ADV-2010-0129 (http://www.vupen.com/english/advisories/2010/0129)

SECUNIA-38184 (http://secunia.com/advisories/38184)

Rapid7

Technical Analysis