Executive Summary

Informations
Name MDVSA-2009:082 First vendor Publication 2009-03-30
Vendor Mandriva Last vendor Modification 2009-03-30
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token (CVE-2009-0845).

This update provides the fix for that security issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:082

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10044
 
Oval ID: oval:org.mitre.oval:def:10044
Title: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
Description: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0845
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6449
 
Oval ID: oval:org.mitre.oval:def:6449
Title: Kerberos GSS-API SPNEGO Null Pointer Dereference and Invalid Memory Access Bugs Let Remote Denial of Service
Description: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0845
 Version: 5
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 7

OpenVAS Exploits

Date Description
2012-03-15 Name : VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console an...
File : nvt/gb_VMSA-2010-0016.nasl
2011-08-09 Name : CentOS Update for krb5-devel CESA-2009:0408 centos5 i386
File : nvt/gb_CESA-2009_0408_krb5-devel_centos5_i386.nasl
2010-05-12 Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002
File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl
2010-02-03 Name : Solaris Update for kinit 141501-06
File : nvt/gb_solaris_141501_06.nasl
2010-02-03 Name : Solaris Update for kinit 141500-05
File : nvt/gb_solaris_141500_05.nasl
2009-12-14 Name : Mandriva Security Advisory MDVSA-2009:098-1 (krb5)
File : nvt/mdksa_2009_098_1.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : Solaris Update for pam_krb5.so.1 140074-09
File : nvt/gb_solaris_140074_09.nasl
2009-10-13 Name : SLES10: Security update for Kerberos
File : nvt/sles10_krb5.nasl
2009-10-13 Name : Solaris Update for pam_krb5.so.1 140130-10
File : nvt/gb_solaris_140130_10.nasl
2009-10-13 Name : Solaris Update for krb5, gss 112908-36
File : nvt/gb_solaris_112908_36.nasl
2009-10-13 Name : Solaris Update for Supplemental Encryption Kerberos V5 112390-15
File : nvt/gb_solaris_112390_15.nasl
2009-10-13 Name : Solaris Update for Supplemental Encryption Kerberos V5 112240-14
File : nvt/gb_solaris_112240_14.nasl
2009-10-11 Name : SLES11: Security update for Kerberos
File : nvt/sles11_krb5.nasl
2009-09-23 Name : Solaris Update for pam_krb5.so.1 140074-08
File : nvt/gb_solaris_140074_08.nasl
2009-09-23 Name : Solaris Update for pam_krb5.so.1 140130-09
File : nvt/gb_solaris_140130_09.nasl
2009-09-23 Name : Solaris Update for krb5, gss 115168-21
File : nvt/gb_solaris_115168_21.nasl
2009-05-05 Name : Mandrake Security Advisory MDVSA-2009:098 (krb5)
File : nvt/mdksa_2009_098.nasl
2009-04-15 Name : Ubuntu USN-755-1 (krb5)
File : nvt/ubuntu_755_1.nasl
2009-04-15 Name : SuSE Security Advisory SUSE-SA:2009:019 (krb5)
File : nvt/suse_sa_2009_019.nasl
2009-04-15 Name : CentOS Security Advisory CESA-2009:0408 (krb5)
File : nvt/ovcesa2009_0408.nasl
2009-04-15 Name : RedHat Security Advisory RHSA-2009:0408
File : nvt/RHSA_2009_0408.nasl
2009-04-15 Name : Gentoo Security Advisory GLSA 200904-09 (mit-krb5)
File : nvt/glsa_200904_09.nasl
2009-04-15 Name : Fedora Core 10 FEDORA-2009-2852 (krb5)
File : nvt/fcore_2009_2852.nasl
2009-04-15 Name : Fedora Core 9 FEDORA-2009-2834 (krb5)
File : nvt/fcore_2009_2834.nasl
2009-04-15 Name : Debian Security Advisory DSA 1766-1 (krb5)
File : nvt/deb_1766_1.nasl
2009-04-06 Name : Mandrake Security Advisory MDVSA-2009:082 (krb5)
File : nvt/mdksa_2009_082.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
52963 MIT Kerberos 5 (krb5) SPNEGO GSS-API Mechanism spnego_gss_accept_sec_context(...

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0008_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2009-0003.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0410.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0409.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0408.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090407_krb5_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-11-16 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2010-0016.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0409.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0408.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_krb5-6140.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_krb5-090406.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2009-0008.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_krb5-090406.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_krb5-090406.nasl - Type : ACT_GATHER_INFO
2009-05-13 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO
2009-04-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-098.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-082.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2852.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-755-1.nasl - Type : ACT_GATHER_INFO
2009-04-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200904-09.nasl - Type : ACT_GATHER_INFO
2009-04-09 Name : The remote openSUSE host is missing a security update.
File : suse_krb5-6139.nasl - Type : ACT_GATHER_INFO
2009-04-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1766.nasl - Type : ACT_GATHER_INFO
2009-04-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0409.nasl - Type : ACT_GATHER_INFO
2009-04-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0410.nasl - Type : ACT_GATHER_INFO
2009-04-08 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2834.nasl - Type : ACT_GATHER_INFO
2009-04-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0408.nasl - Type : ACT_GATHER_INFO
2009-04-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0410.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:40:09
  • Multiple Updates