Executive Summary

Informations
Name CVE-2004-0644 First vendor Publication 2004-09-28
Vendor Cve Last vendor Modification 2010-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0644

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:2139
 
Oval ID: oval:org.mitre.oval:def:2139
Title: Kerberos 5 ASN.1 Library DoS
Description: The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0644
Version: 1
Platform(s): Sun Solaris 9
Product(s): Kerberos5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10014
 
Oval ID: oval:org.mitre.oval:def:10014
Title: The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
Description: The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0644
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application13

OpenVAS Exploits

DateDescription
2008-09-24Name : Gentoo Security Advisory GLSA 200409-09 (mit-krb5)
File : nvt/glsa_200409_09.nasl
2008-09-04Name : FreeBSD Ports: krb5
File : nvt/freebsd_krb51.nasl
2008-01-17Name : Debian Security Advisory DSA 543-1 (krb5)
File : nvt/deb_543_1.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
9406MIT Kerberos 5 ASN.1 Decoder DoS

Nessus® Vulnerability Scanner

DateDescription
2009-04-23Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_bd60922bfb8d11d8a13e000a95bc6fae.nasl - Type : ACT_GATHER_INFO
2004-12-02Name : The remote host is missing a Mac OS X update that fixes a security issue.
File : macosx_SecUpd20041202.nasl - Type : ACT_GATHER_INFO
2004-09-29Name : The remote Debian host is missing a security-related update.
File : debian_DSA-543.nasl - Type : ACT_GATHER_INFO
2004-09-07Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2004-088.nasl - Type : ACT_GATHER_INFO
2004-09-06Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200409-09.nasl - Type : ACT_GATHER_INFO
2004-09-01Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-350.nasl - Type : ACT_GATHER_INFO
2004-09-01Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-448.nasl - Type : ACT_GATHER_INFO
2004-08-31Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-276.nasl - Type : ACT_GATHER_INFO
2004-08-31Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-277.nasl - Type : ACT_GATHER_INFO
2004-07-06Name : The remote host is using an unsupported version of Mac OS X.
File : macosx_version.nasl - Type : ACT_GATHER_INFO
2003-04-03Name : It may be possible to execute arbitrary code on the remote Kerberos server.
File : kerberos5_issues.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/11079
BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=109508872524753&w=2
CERT http://www.us-cert.gov/cas/techalerts/TA04-247A.html
CERT-VN http://www.kb.cert.org/vuls/id/550464
CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860
CONFIRM http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-003-asn1.txt
DEBIAN http://www.debian.org/security/2004/dsa-543
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml
REDHAT http://rhn.redhat.com/errata/RHSA-2004-350.html
TRUSTIX http://www.trustix.net/errata/2004/0045/
XF http://xforce.iss.net/xforce/xfdb/17160

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:27:47
  • Multiple Updates
2013-05-11 11:42:12
  • Multiple Updates