Vulnerability-Lookup

CVE-2009-4212 (GCVE-0-2009-4212)

Vulnerability from cvelistv5 – Published: 2010-01-13 19:00 – Updated: 2024-08-07 06:54

Summary

Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://secunia.com/advisories/38140	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/0096	vdb-entryx_refsource_VUPEN
	http://support.avaya.com/css/P8/documents/100074869	x_refsource_CONFIRM
	http://secunia.com/advisories/38126	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2010/dsa-1969	vendor-advisoryx_refsource_DEBIAN
	http://www.vupen.com/english/advisories/2010/1481	vdb-entryx_refsource_VUPEN
	http://ubuntu.com/usn/usn-881-1	vendor-advisoryx_refsource_UBUNTU
	http://marc.info/?l=bugtraq&m=130497213107107&w=2	vendor-advisoryx_refsource_HP
	http://web.mit.edu/kerberos/advisories/MITKRB5-SA…	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.securitytracker.com/id?1023440	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/38080	third-party-advisoryx_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/38203	third-party-advisoryx_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=545015	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://support.apple.com/kb/HT4188	x_refsource_CONFIRM
	http://secunia.com/advisories/40220	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/38108	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/37749	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://rhn.redhat.com/errata/RHSA-2010-0029.html	vendor-advisoryx_refsource_REDHAT
	https://rhn.redhat.com/errata/RHSA-2010-0095.html	vendor-advisoryx_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/38696	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/0129	vdb-entryx_refsource_VUPEN
	http://marc.info/?l=bugtraq&m=130497213107107&w=2	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/38184	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:10.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2010-06-15-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
          },
          {
            "name": "38140",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38140"
          },
          {
            "name": "ADV-2010-0096",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0096"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100074869"
          },
          {
            "name": "38126",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38126"
          },
          {
            "name": "DSA-1969",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-1969"
          },
          {
            "name": "ADV-2010-1481",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1481"
          },
          {
            "name": "USN-881-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-881-1"
          },
          {
            "name": "SSRT100495",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt"
          },
          {
            "name": "FEDORA-2010-0503",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html"
          },
          {
            "name": "MDVSA-2010:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:006"
          },
          {
            "name": "1023440",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023440"
          },
          {
            "name": "38080",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38080"
          },
          {
            "name": "275530",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1"
          },
          {
            "name": "1021779",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1"
          },
          {
            "name": "oval:org.mitre.oval:def:8192",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192"
          },
          {
            "name": "38203",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38203"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015"
          },
          {
            "name": "FEDORA-2010-0515",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4188"
          },
          {
            "name": "40220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40220"
          },
          {
            "name": "38108",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38108"
          },
          {
            "name": "37749",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37749"
          },
          {
            "name": "oval:org.mitre.oval:def:11272",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272"
          },
          {
            "name": "RHSA-2010:0029",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0029.html"
          },
          {
            "name": "RHSA-2010:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7357",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357"
          },
          {
            "name": "38696",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38696"
          },
          {
            "name": "ADV-2010-0129",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0129"
          },
          {
            "name": "HPSBOV02682",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
          },
          {
            "name": "38184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38184"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "APPLE-SA-2010-06-15-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
        },
        {
          "name": "38140",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38140"
        },
        {
          "name": "ADV-2010-0096",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0096"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100074869"
        },
        {
          "name": "38126",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38126"
        },
        {
          "name": "DSA-1969",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-1969"
        },
        {
          "name": "ADV-2010-1481",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1481"
        },
        {
          "name": "USN-881-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-881-1"
        },
        {
          "name": "SSRT100495",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt"
        },
        {
          "name": "FEDORA-2010-0503",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html"
        },
        {
          "name": "MDVSA-2010:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:006"
        },
        {
          "name": "1023440",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023440"
        },
        {
          "name": "38080",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38080"
        },
        {
          "name": "275530",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1"
        },
        {
          "name": "1021779",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1"
        },
        {
          "name": "oval:org.mitre.oval:def:8192",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192"
        },
        {
          "name": "38203",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38203"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015"
        },
        {
          "name": "FEDORA-2010-0515",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4188"
        },
        {
          "name": "40220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40220"
        },
        {
          "name": "38108",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38108"
        },
        {
          "name": "37749",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37749"
        },
        {
          "name": "oval:org.mitre.oval:def:11272",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272"
        },
        {
          "name": "RHSA-2010:0029",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2010-0029.html"
        },
        {
          "name": "RHSA-2010:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
        },
        {
          "name": "oval:org.mitre.oval:def:7357",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357"
        },
        {
          "name": "38696",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38696"
        },
        {
          "name": "ADV-2010-0129",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0129"
        },
        {
          "name": "HPSBOV02682",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
        },
        {
          "name": "38184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38184"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4212",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2010-06-15-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
            },
            {
              "name": "38140",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38140"
            },
            {
              "name": "ADV-2010-0096",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0096"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100074869",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100074869"
            },
            {
              "name": "38126",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38126"
            },
            {
              "name": "DSA-1969",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-1969"
            },
            {
              "name": "ADV-2010-1481",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1481"
            },
            {
              "name": "USN-881-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/usn/usn-881-1"
            },
            {
              "name": "SSRT100495",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
            },
            {
              "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt",
              "refsource": "CONFIRM",
              "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt"
            },
            {
              "name": "FEDORA-2010-0503",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html"
            },
            {
              "name": "MDVSA-2010:006",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:006"
            },
            {
              "name": "1023440",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023440"
            },
            {
              "name": "38080",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38080"
            },
            {
              "name": "275530",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1"
            },
            {
              "name": "1021779",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1"
            },
            {
              "name": "oval:org.mitre.oval:def:8192",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192"
            },
            {
              "name": "38203",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38203"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=545015",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015"
            },
            {
              "name": "FEDORA-2010-0515",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4188",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4188"
            },
            {
              "name": "40220",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40220"
            },
            {
              "name": "38108",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38108"
            },
            {
              "name": "37749",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37749"
            },
            {
              "name": "oval:org.mitre.oval:def:11272",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272"
            },
            {
              "name": "RHSA-2010:0029",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0029.html"
            },
            {
              "name": "RHSA-2010:0095",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
            },
            {
              "name": "oval:org.mitre.oval:def:7357",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357"
            },
            {
              "name": "38696",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38696"
            },
            {
              "name": "ADV-2010-0129",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0129"
            },
            {
              "name": "HPSBOV02682",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
            },
            {
              "name": "38184",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38184"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4212",
    "datePublished": "2010-01-13T19:00:00.000Z",
    "dateReserved": "2009-12-04T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:54:10.078Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-553

Vulnerability from certfr_avis - Published: 2010-11-17 - Updated: 2010-11-17

De multiples vulnérabilités sont présentes dans VMware ESX et ESXi. L'exploitation réussie de celles-ci permet entre autres l'exécution de code arbitraire à distance.

Description

Une mise à jour du noyau de Service Console OS corrige les vulnérabilités suivantes:

CVE-2010-0291 (élévation de privilèges et déni de service)
CVE-2010-0307 (déni de service)
CVE-2010-0415 (déni de service)
CVE-2010-0622 (déni de service)
CVE-2010-1087 (déni de service)
CVE-2010-1088 (impact non défini)
CVE-2010-1437 (déni de service)

La version 4.0 de VMware ESX est impactée mais le correctif n'est pas encore disponible à la date de rédaction de cet avis.

De même une mise à jour des paquets likewise corrige les vulnérabilités suivantes:

CVE-2009-0844 (déni de service à distance)
CVE-2009-0845 (déni de service à distance)
CVE-2009-0846 (exécution de code arbitraire à distance)
CVE-2009-4212 (exécution de code arbitraire à distance)
CVE-2010-1321 (déni de service)

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	ESXi	VMware ESXi version 4.1.
	VMware	ESXi	VMware ESX versions 4.0 et 4.1 ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2010-0016 du 15 novembre 2010	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2010-0016 du 15 novembre 2010	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESXi version 4.1.",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX versions 4.0 et 4.1 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne mise \u00e0 jour du noyau de Service Console OS corrige les\nvuln\u00e9rabilit\u00e9s suivantes:\n\n-   CVE-2010-0291 (\u00e9l\u00e9vation de privil\u00e8ges et d\u00e9ni de service)\n-   CVE-2010-0307 (d\u00e9ni de service)\n-   CVE-2010-0415 (d\u00e9ni de service)\n-   CVE-2010-0622 (d\u00e9ni de service)\n-   CVE-2010-1087 (d\u00e9ni de service)\n-   CVE-2010-1088 (impact non d\u00e9fini)\n-   CVE-2010-1437 (d\u00e9ni de service)\n\nLa version 4.0 de VMware ESX est impact\u00e9e mais le correctif n\u0027est pas\nencore disponible \u00e0 la date de r\u00e9daction de cet avis.\n\nDe m\u00eame une mise \u00e0 jour des paquets likewise corrige les vuln\u00e9rabilit\u00e9s\nsuivantes:\n\n-   CVE-2009-0844 (d\u00e9ni de service \u00e0 distance)\n-   CVE-2009-0845 (d\u00e9ni de service \u00e0 distance)\n-   CVE-2009-0846 (ex\u00e9cution de code arbitraire \u00e0 distance)\n-   CVE-2009-4212 (ex\u00e9cution de code arbitraire \u00e0 distance)\n-   CVE-2010-1321 (d\u00e9ni de service)\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0846"
    },
    {
      "name": "CVE-2010-0415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0415"
    },
    {
      "name": "CVE-2010-1321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1321"
    },
    {
      "name": "CVE-2010-0622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0622"
    },
    {
      "name": "CVE-2010-0307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0307"
    },
    {
      "name": "CVE-2010-0291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0291"
    },
    {
      "name": "CVE-2010-1087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1087"
    },
    {
      "name": "CVE-2010-1088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1088"
    },
    {
      "name": "CVE-2009-0844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0844"
    },
    {
      "name": "CVE-2010-1437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1437"
    },
    {
      "name": "CVE-2009-0845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0845"
    },
    {
      "name": "CVE-2009-4212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4212"
    }
  ],
  "initial_release_date": "2010-11-17T00:00:00",
  "last_revision_date": "2010-11-17T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2010-0016 du 15 novembre    2010",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000108.html"
    }
  ],
  "reference": "CERTA-2010-AVI-553",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e \u003cspan class=\"textit\"\u003eESX\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eESXi\u003c/span\u003e. L\u0027exploitation r\u00e9ussie de celles-ci permet\nentre autres l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMWare ESX et ESXi",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2010-0016 du 15 novembre 2010",
      "url": null
    }
  ]
}

CERTA-2010-AVI-265

Vulnerability from certfr_avis - Published: 2010-06-16 - Updated: 2010-06-16

De multiples vulnérabilité ont été découvertes dans Mac OS X. L'exploitation de ces vulnérabilités permet de réaliser un grand nombre d'actions malveillantes.

Description

Ces vulnérabilités touchent de nombreux logiciels faisant partis du système Mac OS X. Elles permettent à une personne malveillante de réaliser un grand nombre d'actions malveillantes, dont l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Mac OS X 10.6 (Snow Leopard) versions antérieures à 10.6.4.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 15 juin 2010	None	vendor-advisory
Bulletin de sécurité Apple HT4188 du 15 juin 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eMac OS X 10.6 (Snow Leopard) versions  ant\u00e9rieures \u00e0 10.6.4.\u003c/p\u003e",
  "content": "## Description\n\nCes vuln\u00e9rabilit\u00e9s touchent de nombreux logiciels faisant partis du\nsyst\u00e8me Mac OS X. Elles permettent \u00e0 une personne malveillante de\nr\u00e9aliser un grand nombre d\u0027actions malveillantes, dont l\u0027ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1578"
    },
    {
      "name": "CVE-2010-0540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0540"
    },
    {
      "name": "CVE-2010-1380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1380"
    },
    {
      "name": "CVE-2010-0734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0734"
    },
    {
      "name": "CVE-2010-0283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0283"
    },
    {
      "name": "CVE-2010-1374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1374"
    },
    {
      "name": "CVE-2009-1580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1580"
    },
    {
      "name": "CVE-2010-0543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0543"
    },
    {
      "name": "CVE-2010-0546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0546"
    },
    {
      "name": "CVE-2010-0545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0545"
    },
    {
      "name": "CVE-2009-1581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1581"
    },
    {
      "name": "CVE-2010-1748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1748"
    },
    {
      "name": "CVE-2009-1579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1579"
    },
    {
      "name": "CVE-2009-2964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2964"
    },
    {
      "name": "CVE-2010-0186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0186"
    },
    {
      "name": "CVE-2010-0302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0302"
    },
    {
      "name": "CVE-2010-1320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1320"
    },
    {
      "name": "CVE-2010-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1379"
    },
    {
      "name": "CVE-2010-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1382"
    },
    {
      "name": "CVE-2010-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1377"
    },
    {
      "name": "CVE-2010-0541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0541"
    },
    {
      "name": "CVE-2010-1375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1375"
    },
    {
      "name": "CVE-2010-0187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0187"
    },
    {
      "name": "CVE-2010-1376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1376"
    },
    {
      "name": "CVE-2010-1411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1411"
    },
    {
      "name": "CVE-2010-1381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1381"
    },
    {
      "name": "CVE-2010-1373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1373"
    },
    {
      "name": "CVE-2009-4212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4212"
    },
    {
      "name": "CVE-2009-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1382"
    }
  ],
  "initial_release_date": "2010-06-16T00:00:00",
  "last_revision_date": "2010-06-16T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4188 du 15 juin 2010 :",
      "url": "http://support.apple.com/kb/HT4188"
    }
  ],
  "reference": "CERTA-2010-AVI-265",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-06-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9 ont \u00e9t\u00e9 d\u00e9couvertes dans Mac OS X.\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser un grand nombre\nd\u0027actions malveillantes.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 15 juin 2010",
      "url": null
    }
  ]
}

CERTA-2010-AVI-013

Vulnerability from certfr_avis - Published: 2010-01-13 - Updated: 2010-01-13

Une vulnérabilité dans MIT Kerberos permet à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Une erreur dans les opérations de déchiffrement AES et RC4 de la bibliothèque cryptographique de MIT Kerberos permet à une personne distante malintentionnée d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

MIT Kerberos version 1.3 et postérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité MIT Kerberos MITKRB5-SA-2009-004 du 12 janvier 2010	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-881-1 du 12 janvier 2010 :	-	other
Bulletin de sécurité Debian DSA 1969-1 du 12 janvier 2010 :	-	other
Bulletin de sécurité RedHat RHSA-2010:0029 du 12 janvier 2010 :	-	other
Bulletin de sécurité MIT Kerberos MITKRB5-SA-2009-004 du 12 janvier 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMIT Kerberos version 1.3 et post\u00e9rieures.\u003c/P\u003e",
  "content": "## Description\n\nUne erreur dans les op\u00e9rations de d\u00e9chiffrement AES et RC4 de la\nbiblioth\u00e8que cryptographique de MIT Kerberos permet \u00e0 une personne\ndistante malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-4212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4212"
    }
  ],
  "initial_release_date": "2010-01-13T00:00:00",
  "last_revision_date": "2010-01-13T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-881-1 du 12 janvier 2010 :",
      "url": "http://www.ubuntulinux.org/usn/usn-881-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1969-1 du 12 janvier 2010 :",
      "url": "http://www.debian.org/security/2010/dsa-1969-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2010:0029 du 12 janvier    2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0029.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 MIT Kerberos MITKRB5-SA-2009-004 du 12    janvier 2010 :",
      "url": "http://web.mit.edu/kerberos/www/advisories/MITKBR5-SA-2009-004.txt"
    }
  ],
  "reference": "CERTA-2010-AVI-013",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-01-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans MIT Kerberos permet \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans MIT Kerberos",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MIT Kerberos MITKRB5-SA-2009-004 du 12 janvier 2010",
      "url": null
    }
  ]
}

GHSA-39CV-J24W-8WVF

Vulnerability from github – Published: 2022-05-02 03:52 – Updated: 2022-05-02 03:52

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-4212"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-01-13T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.",
  "id": "GHSA-39cv-j24w-8wvf",
  "modified": "2022-05-02T03:52:43Z",
  "published": "2022-05-02T03:52:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4212"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0029.html"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38080"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38108"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38126"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38140"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38184"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38203"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38696"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40220"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4188"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/css/P8/documents/100074869"
    },
    {
      "type": "WEB",
      "url": "http://ubuntu.com/usn/usn-881-1"
    },
    {
      "type": "WEB",
      "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-1969"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:006"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/37749"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1023440"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0096"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0129"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1481"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-4212

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-4212

Aliases

CVE-2009-4212

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-4212",
    "description": "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.",
    "id": "GSD-2009-4212",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-4212.html",
      "https://www.debian.org/security/2010/dsa-1969",
      "https://access.redhat.com/errata/RHSA-2010:0029",
      "https://linux.oracle.com/cve/CVE-2009-4212.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-4212"
      ],
      "details": "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.",
      "id": "GSD-2009-4212",
      "modified": "2023-12-13T01:19:45.373412Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-4212",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2010-06-15-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
          },
          {
            "name": "38140",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38140"
          },
          {
            "name": "ADV-2010-0096",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0096"
          },
          {
            "name": "http://support.avaya.com/css/P8/documents/100074869",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/css/P8/documents/100074869"
          },
          {
            "name": "38126",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38126"
          },
          {
            "name": "DSA-1969",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2010/dsa-1969"
          },
          {
            "name": "ADV-2010-1481",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/1481"
          },
          {
            "name": "USN-881-1",
            "refsource": "UBUNTU",
            "url": "http://ubuntu.com/usn/usn-881-1"
          },
          {
            "name": "SSRT100495",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
          },
          {
            "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt",
            "refsource": "CONFIRM",
            "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt"
          },
          {
            "name": "FEDORA-2010-0503",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html"
          },
          {
            "name": "MDVSA-2010:006",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:006"
          },
          {
            "name": "1023440",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1023440"
          },
          {
            "name": "38080",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38080"
          },
          {
            "name": "275530",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1"
          },
          {
            "name": "1021779",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1"
          },
          {
            "name": "oval:org.mitre.oval:def:8192",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192"
          },
          {
            "name": "38203",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38203"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=545015",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015"
          },
          {
            "name": "FEDORA-2010-0515",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html"
          },
          {
            "name": "http://support.apple.com/kb/HT4188",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4188"
          },
          {
            "name": "40220",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/40220"
          },
          {
            "name": "38108",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38108"
          },
          {
            "name": "37749",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/37749"
          },
          {
            "name": "oval:org.mitre.oval:def:11272",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272"
          },
          {
            "name": "RHSA-2010:0029",
            "refsource": "REDHAT",
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0029.html"
          },
          {
            "name": "RHSA-2010:0095",
            "refsource": "REDHAT",
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7357",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357"
          },
          {
            "name": "38696",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38696"
          },
          {
            "name": "ADV-2010-0129",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0129"
          },
          {
            "name": "HPSBOV02682",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
          },
          {
            "name": "38184",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38184"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4212"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt"
            },
            {
              "name": "RHSA-2010:0029",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0029.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=545015",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015"
            },
            {
              "name": "ADV-2010-0129",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0129"
            },
            {
              "name": "FEDORA-2010-0515",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html"
            },
            {
              "name": "38140",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38140"
            },
            {
              "name": "MDVSA-2010:006",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:006"
            },
            {
              "name": "275530",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1"
            },
            {
              "name": "38203",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38203"
            },
            {
              "name": "DSA-1969",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2010/dsa-1969"
            },
            {
              "name": "38108",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38108"
            },
            {
              "name": "38184",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38184"
            },
            {
              "name": "FEDORA-2010-0503",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html"
            },
            {
              "name": "RHSA-2010:0095",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100074869",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/css/P8/documents/100074869"
            },
            {
              "name": "38696",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38696"
            },
            {
              "name": "1023440",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1023440"
            },
            {
              "name": "37749",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/37749"
            },
            {
              "name": "38080",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38080"
            },
            {
              "name": "USN-881-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://ubuntu.com/usn/usn-881-1"
            },
            {
              "name": "ADV-2010-0096",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0096"
            },
            {
              "name": "38126",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38126"
            },
            {
              "name": "1021779",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1"
            },
            {
              "name": "ADV-2010-1481",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/1481"
            },
            {
              "name": "http://support.apple.com/kb/HT4188",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4188"
            },
            {
              "name": "APPLE-SA-2010-06-15-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
            },
            {
              "name": "40220",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/40220"
            },
            {
              "name": "SSRT100495",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:8192",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192"
            },
            {
              "name": "oval:org.mitre.oval:def:7357",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357"
            },
            {
              "name": "oval:org.mitre.oval:def:11272",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-01-21T15:45Z",
      "publishedDate": "2010-01-13T19:30Z"
    }
  }
}

FKIE_CVE-2009-4212

Vulnerability from fkie_nvd - Published: 2010-01-13 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html
cve@mitre.org	http://marc.info/?l=bugtraq&m=130497213107107&w=2
cve@mitre.org	http://secunia.com/advisories/38080
cve@mitre.org	http://secunia.com/advisories/38108
cve@mitre.org	http://secunia.com/advisories/38126
cve@mitre.org	http://secunia.com/advisories/38140
cve@mitre.org	http://secunia.com/advisories/38184
cve@mitre.org	http://secunia.com/advisories/38203
cve@mitre.org	http://secunia.com/advisories/38696
cve@mitre.org	http://secunia.com/advisories/40220
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1
cve@mitre.org	http://support.apple.com/kb/HT4188
cve@mitre.org	http://support.avaya.com/css/P8/documents/100074869
cve@mitre.org	http://ubuntu.com/usn/usn-881-1
cve@mitre.org	http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt	Patch, Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2010/dsa-1969
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2010:006
cve@mitre.org	http://www.securityfocus.com/bid/37749
cve@mitre.org	http://www.securitytracker.com/id?1023440
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0096
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0129
cve@mitre.org	http://www.vupen.com/english/advisories/2010/1481
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=545015	Patch
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192
cve@mitre.org	https://rhn.redhat.com/errata/RHSA-2010-0029.html
cve@mitre.org	https://rhn.redhat.com/errata/RHSA-2010-0095.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=130497213107107&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38080
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38108
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38126
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38140
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38184
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38203
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38696
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40220
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4188
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/css/P8/documents/100074869
af854a3a-2127-422b-91ae-364da2661108	http://ubuntu.com/usn/usn-881-1
af854a3a-2127-422b-91ae-364da2661108	http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-1969
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:006
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37749
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023440
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0096
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0129
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1481
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=545015	Patch
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192
af854a3a-2127-422b-91ae-364da2661108	https://rhn.redhat.com/errata/RHSA-2010-0029.html
af854a3a-2127-422b-91ae-364da2661108	https://rhn.redhat.com/errata/RHSA-2010-0095.html

Impacted products

Vendor	Product	Version
mit	kerberos	5-1.6.3
mit	kerberos_5	1.3
mit	kerberos_5	1.3.1
mit	kerberos_5	1.3.2
mit	kerberos_5	1.3.3
mit	kerberos_5	1.3.4
mit	kerberos_5	1.3.5
mit	kerberos_5	1.3.6
mit	kerberos_5	1.4
mit	kerberos_5	1.4.1
mit	kerberos_5	1.4.2
mit	kerberos_5	1.4.3
mit	kerberos_5	1.4.4
mit	kerberos_5	1.5
mit	kerberos_5	1.5.1
mit	kerberos_5	1.5.2
mit	kerberos_5	1.5.3
mit	kerberos_5	1.6
mit	kerberos_5	1.6.1
mit	kerberos_5	1.6.2
mit	kerberos_5	1.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "032730AE-1E53-4CA2-96FD-AD60CD27F3CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F01A83F-3BD1-4DED-979A-B4B6B23039FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACEB5A36-8F72-417A-AC92-149612EC7BCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B8704B5-F37B-4C61-A924-3774A29BFEB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F953CEBA-BAC0-48DF-A3D0-1FABCC9963E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED81A044-8A7B-4EEF-A4B3-EA49D76FAAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "30AA5727-BD83-45CF-B308-BA5F8A577B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E088E64-6FBD-4148-8F78-506364B7BB1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F0EECF-7787-442B-9888-D22F7D36C3DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF344AED-BE00-4A9B-A9DE-C6FB0BEE4617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "567406CA-58D8-453E-B36E-6D1D2EFC8EB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7830E03F-A813-4E35-893E-BF27395CEFB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7764411E-C056-4696-822E-235F2620FAC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DD315AE-868B-4061-BF01-CDBF59B02499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B639DD5F-71C7-4D9B-BA5C-51CAF64140B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B904DCE-D59F-45C7-A814-DE42CF02792D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9957FE9E-1E89-4C27-852C-44F866A1834E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C382DAA-68D2-4DD9-BE29-8EEB0BAF1A7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "73BB258E-51CF-4D12-836B-BCEA587A3F5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F81DE01C-BA3B-40B4-BD85-17692F0AF8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB1190E-BE7A-4C6B-862D-D5747C64E980",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de desbordamiento de entero en la funcionalidad de desencriptado AES y RC4 en la biblioteca crypto en MIT Kerberos 5 (tambi\u00e9n conocido comokrb5) v1.3 a la v1.6.3, y 1.7 anterior a v1.7.1, permite a atacantes remotos provocar una denegaci\u00f3n de servici\u00f3n (ca\u00edda de demonio) o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n  facilitando texto cifrado (ciphertext) con un tama\u00f1o menor al v\u00e1lido."
    }
  ],
  "evaluatorImpact": "Per: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt\r\n\r\n\r\n\"Only releases krb5-1.3 and later are vulnerable, as\r\nearlier releases did not contain the functionality implemented by the\r\nvulnerable code.\r\n\r\nThis is an implementation vulnerability in MIT krb5, and is not a\r\nvulnerability in the Kerberos protocol.\"",
  "evaluatorSolution": "Per: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt\r\n\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.7.1 and krb5-1.6.4 releases will contain a fix\r\n  for this vulnerability.\r\n\r\n* For the krb5-1.7 release, apply the patch available at:\r\n\r\n  http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt\r\n\r\n  A PGP-signed patch is available at\r\n\r\n  http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt.asc\r\n\r\n\r\n* For the krb5-1.6 releases, apply the patch available at:\r\n\r\n  http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt\r\n\r\n  A PGP-signed patch is available at\r\n\r\n  http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt.asc\r\n\r\n* The krb5-1.6.3 patch might apply successfully to older releases.\r\n",
  "id": "CVE-2009-4212",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-13T19:30:00.607",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/38080"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/38108"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/38126"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/38140"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/38184"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/38203"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/38696"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/40220"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT4188"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/css/P8/documents/100074869"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://ubuntu.com/usn/usn-881-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2010/dsa-1969"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:006"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37749"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1023440"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/0096"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/0129"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/1481"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0029.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38080"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/40220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/css/P8/documents/100074869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ubuntu.com/usn/usn-881-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-1969"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-4212 (GCVE-0-2009-4212)

CERTA-2010-AVI-553

Description

Solution

CERTA-2010-AVI-265

Description

Solution

CERTA-2010-AVI-013

Description

Solution

GHSA-39CV-J24W-8WVF

GSD-2009-4212

FKIE_CVE-2009-4212

Tags

Sightings

Nomenclature