Search for vulnerabilities
Vulnerability details: VCID-twk2-g17s-aaap
Vulnerability ID VCID-twk2-g17s-aaap
Aliases CVE-2009-0845
Summary The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-20 Improper Input Validation
CWE-476 NULL Pointer Dereference
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2009:0408
epss 0.05224 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.05224 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.05224 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.05224 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.05224 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.05224 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.05224 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.05224 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.05224 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.05224 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.05224 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.08260 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.08260 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.08260 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.08260 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.2928 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
epss 0.39838 https://api.first.org/data/v1/epss?cve=CVE-2009-0845
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=490634
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2009-0845
Reference id Reference type URL
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0845.json
https://api.first.org/data/v1/epss?cve=CVE-2009-0845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845
http://secunia.com/advisories/34347
http://secunia.com/advisories/34594
http://secunia.com/advisories/34617
http://secunia.com/advisories/34622
http://secunia.com/advisories/34628
http://secunia.com/advisories/34630
http://secunia.com/advisories/34637
http://secunia.com/advisories/34640
http://secunia.com/advisories/34734
http://secunia.com/advisories/35074
http://security.gentoo.org/glsa/glsa-200904-09.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/49448
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10044
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6449
http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875&r2=22084
http://src.mit.edu/fisheye/changelog/krb5/?cs=22084
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1
http://support.apple.com/kb/HT3549
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt
http://wiki.rpath.com/Advisories:rPSA-2009-0058
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058
http://www-01.ibm.com/support/docview.wss?uid=swg21396120
http://www.kb.cert.org/vuls/id/662091
http://www.mandriva.com/security/advisories?name=MDVSA-2009:082
http://www.redhat.com/support/errata/RHSA-2009-0408.html
http://www.securityfocus.com/archive/1/502526/100/0/threaded
http://www.securityfocus.com/archive/1/502546/100/0/threaded
http://www.securityfocus.com/bid/34257
http://www.securitytracker.com/id?1021867
http://www.ubuntu.com/usn/usn-755-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/0847
http://www.vupen.com/english/advisories/2009/0976
http://www.vupen.com/english/advisories/2009/1057
http://www.vupen.com/english/advisories/2009/1106
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/2248
490634 https://bugzilla.redhat.com/show_bug.cgi?id=490634
cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*
CVE-2009-0845 https://nvd.nist.gov/vuln/detail/CVE-2009-0845
GLSA-200904-09 https://security.gentoo.org/glsa/200904-09
RHSA-2009:0408 https://access.redhat.com/errata/RHSA-2009:0408
USN-755-1 https://usn.ubuntu.com/755-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-0845
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.93225
EPSS Score 0.05224
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.