CVE-2009-4212
First published: Mon Dec 07 2009(Updated: )
Integer underflow flaws, leading to heap-based corruption, were found in the way MIT Kerberos Key Distribution Center (KDC) used to decrypt ciphertexts encrypted with Advanced Encryption Standard (AES) and ARCFOUR (RC4) encryption algorithms. A remote KDC client could provide a specially-crafted AES or RC4 encrypted ciphertext(s), which once processed by a central KDC would lead to denial of service (KDC crash or abort) or, potentially, to KDC relying authentication services compromise or arbitrary code execution with the privileges of the KDC centre. Upstream advisory (not available yet): -------------------------------------- <a href="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt">http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt</a> Upstream patches (not available yet): ------------------------------------- <a href="http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt">http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt</a> <a href="http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt">http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MIT Kerberos | =5-1.6.3 | |
| MIT Kerberos 5 | =1.3 | |
| MIT Kerberos 5 | =1.3.1 | |
| MIT Kerberos 5 | =1.3.2 | |
| MIT Kerberos 5 | =1.3.3 | |
| MIT Kerberos 5 | =1.3.4 | |
| MIT Kerberos 5 | =1.3.5 | |
| MIT Kerberos 5 | =1.3.6 | |
| MIT Kerberos 5 | =1.4 | |
| MIT Kerberos 5 | =1.4.1 | |
| MIT Kerberos 5 | =1.4.2 | |
| MIT Kerberos 5 | =1.4.3 | |
| MIT Kerberos 5 | =1.4.4 | |
| MIT Kerberos 5 | =1.5 | |
| MIT Kerberos 5 | =1.5.1 | |
| MIT Kerberos 5 | =1.5.2 | |
| MIT Kerberos 5 | =1.5.3 | |
| MIT Kerberos 5 | =1.6 | |
| MIT Kerberos 5 | =1.6.1 | |
| MIT Kerberos 5 | =1.6.2 | |
| MIT Kerberos 5 | =1.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt
- https://rhn.redhat.com/errata/RHSA-2010-0029.html
- https://bugzilla.redhat.com/show_bug.cgi?id=545015
- http://www.vupen.com/english/advisories/2010/0129
- http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html
- http://secunia.com/advisories/38140
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:006
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1
- http://secunia.com/advisories/38203
- http://www.debian.org/security/2010/dsa-1969
- http://secunia.com/advisories/38108
- http://secunia.com/advisories/38184
- http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html
- https://rhn.redhat.com/errata/RHSA-2010-0095.html
- http://support.avaya.com/css/P8/documents/100074869
- http://secunia.com/advisories/38696
- http://www.securitytracker.com/id?1023440
- http://www.securityfocus.com/bid/37749
- http://secunia.com/advisories/38080
- http://ubuntu.com/usn/usn-881-1
- http://www.vupen.com/english/advisories/2010/0096
- http://secunia.com/advisories/38126
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1
- http://www.vupen.com/english/advisories/2010/1481
- http://support.apple.com/kb/HT4188
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
- http://secunia.com/advisories/40220
- http://marc.info/?l=bugtraq&m=130497213107107&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272
- http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt
- http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt
- http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2009-004.txt
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-4212
- agent/tags
- agent/trending
- vendor/mit
- canonical/mit kerberos
- version/mit kerberos/5-1.6.3
- canonical/mit kerberos 5
- version/mit kerberos 5/1.3
- version/mit kerberos 5/1.3.1
- version/mit kerberos 5/1.3.2
- version/mit kerberos 5/1.3.3
- version/mit kerberos 5/1.3.4
- version/mit kerberos 5/1.3.5
- version/mit kerberos 5/1.3.6
- version/mit kerberos 5/1.4
- version/mit kerberos 5/1.4.1
- version/mit kerberos 5/1.4.2
- version/mit kerberos 5/1.4.3
- version/mit kerberos 5/1.4.4
- version/mit kerberos 5/1.5
- version/mit kerberos 5/1.5.1
- version/mit kerberos 5/1.5.2
- version/mit kerberos 5/1.5.3
- version/mit kerberos 5/1.6
- version/mit kerberos 5/1.6.1
- version/mit kerberos 5/1.6.2
- version/mit kerberos 5/1.7