5

CVE-2009-0845

Exploit

EPSS 29.28%
Published 27.03.2009 16:30:02
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.

Affected products Warnungen 0 Metrics 2 CWE 1 References 47

Data is provided by the National Vulnerability Database (NVD)

Mit ≫ Kerberos Version5-1.6.3

Mit ≫ Kerberos 5 Version1.5

Mit ≫ Kerberos 5 Version1.5.1

Mit ≫ Kerberos 5 Version1.5.2

Mit ≫ Kerberos 5 Version1.5.3

Mit ≫ Kerberos 5 Version1.6

Mit ≫ Kerberos 5 Version1.6.1

Mit ≫ Kerberos 5 Version1.6.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	29.28%	0.961

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://secunia.com/advisories/35074

Vendor Advisory

http://support.apple.com/kb/HT3549

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

US Government Resource

http://www.vupen.com/english/advisories/2009/1297

http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402

http://secunia.com/advisories/34347

Vendor Advisory

http://secunia.com/advisories/34594

http://secunia.com/advisories/34617

http://secunia.com/advisories/34622

http://secunia.com/advisories/34628

http://secunia.com/advisories/34630

http://secunia.com/advisories/34637

http://secunia.com/advisories/34640

http://secunia.com/advisories/34734

http://security.gentoo.org/glsa/glsa-200904-09.xml

http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875&r2=22084

Exploit

http://src.mit.edu/fisheye/changelog/krb5/?cs=22084

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1

http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt

http://wiki.rpath.com/Advisories:rPSA-2009-0058

http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058

http://www-01.ibm.com/support/docview.wss?uid=swg21396120

http://www.kb.cert.org/vuls/id/662091

US Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2009:082

http://www.redhat.com/support/errata/RHSA-2009-0408.html

http://www.securityfocus.com/archive/1/502526/100/0/threaded

http://www.securityfocus.com/archive/1/502546/100/0/threaded

http://www.securityfocus.com/bid/34257

http://www.securitytracker.com/id?1021867

http://www.ubuntu.com/usn/usn-755-1

http://www.vupen.com/english/advisories/2009/0847

Vendor Advisory

http://www.vupen.com/english/advisories/2009/0976

http://www.vupen.com/english/advisories/2009/1057

http://www.vupen.com/english/advisories/2009/1106

http://www.vupen.com/english/advisories/2009/2248

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/49448

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10044

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6449

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html

https://nvd.nist.gov/vuln/detail/CVE-2009-0845

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0845

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0845

EUVD