Red Hat Bugzilla – Bug 490634
CVE-2009-0845 krb5: NULL pointer dereference in GSSAPI SPNEGO (MITKRB5-SA-2009-001)
Last modified: 2016-03-04 06:21:11 EST
A null pointer dereference flaw was found in Kerberos's GSS-API spnego
security mechanism implementation. A local user could use this flaw
to cause a denial of service (krb5 daemon crash) via invalid ContextFlags for
the reqFlags field in the NegTokenInit (RFC 4178).
krb5-1.6.3-17.fc10 has been submitted as an update for Fedora 10.
krb5-1.6.3-15.fc9 has been submitted as an update for Fedora 9.
This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 2.1, 3, and 4.
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0845 to
the following vulnerability:
Reference: CONFIRM: http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402
Reference: CONFIRM: http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875&r2=22084
Reference: CONFIRM: http://src.mit.edu/fisheye/changelog/krb5/?cs=22084
Reference: URL: http://www.securityfocus.com/bid/34257
Reference: URL: http://secunia.com/advisories/34347
Reference: URL: http://www.vupen.com/english/advisories/2009/0847

The spnego_gss_accept_sec_context function in
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3,
when SPNEGO is used, allows remote attackers to cause a denial of
service (NULL pointer dereference and application crash) via invalid
ContextFlags data in the reqFlags field in a negTokenInit token.
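As an added illustration (not the MIT krb5 source, the upstream patch, or the Red Hat fix): a defensive C decoder for the element the CVE text above names, the RFC 4178 NegTokenInit reqFlags field, encoded as [1] ContextFlags where ContextFlags is a DER BIT STRING with seven named bits. The point it demonstrates is the general discipline that prevents a malformed field from becoming a NULL dereference: the decoder reports every malformed shape as an error status and never writes a partial or unset result, and the caller consults that status before using the output. The sample tokens, the function names and the status enum are constructed for this example and are not taken from krb5.

```c
/* Added example, not code from MIT krb5 or from the CVE-2009-0845 fix:
 * decode the RFC 4178 NegTokenInit reqFlags element, [1] ContextFlags,
 * a DER BIT STRING with seven named bits delegFlag(0) .. integFlag(6).
 * Every malformed shape returns REQFLAGS_DEFECTIVE with outputs untouched. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flag values after dropping the undefined bit 7: bit 0 of the BIT STRING
 * is the MSB of its octet, so delegFlag lands at 0x40. */
enum {
    CF_DELEG = 0x40, CF_MUTUAL = 0x20, CF_REPLAY = 0x10, CF_SEQUENCE = 0x08,
    CF_ANON  = 0x04, CF_CONF   = 0x02, CF_INTEG  = 0x01
};

typedef enum {
    REQFLAGS_OK        =  0,  /* *flags and *consumed written */
    REQFLAGS_DEFECTIVE = -1,  /* malformed: reject the token, outputs untouched */
    REQFLAGS_ABSENT    = -2   /* element not present (it is OPTIONAL) */
} reqflags_status;

/* Decode "[1] ContextFlags" at the front of buf[0..len). Only the short
 * DER length form is accepted; this element can never need more. */
reqflags_status decode_req_flags(const uint8_t *buf, size_t len,
                                 uint32_t *flags, size_t *consumed)
{
    if (len == 0 || buf[0] != 0xA1)         /* not the [1] context tag */
        return REQFLAGS_ABSENT;
    if (len < 4 || buf[2] != 0x03)          /* need A1 L 03 L; inner type BIT STRING */
        return REQFLAGS_DEFECTIVE;

    size_t bl = buf[3];                     /* BIT STRING content length */
    if (bl < 1 || bl > 2)                   /* unused-bits octet, optionally one flags octet */
        return REQFLAGS_DEFECTIVE;
    if (buf[1] != bl + 2 || len < 4 + bl)   /* outer length and buffer must agree */
        return REQFLAGS_DEFECTIVE;

    unsigned unused = buf[4];
    if (unused > 7)
        return REQFLAGS_DEFECTIVE;

    unsigned bits = 0;
    if (bl == 1) {
        if (unused != 0)                    /* empty BIT STRING must report 0 unused bits */
            return REQFLAGS_DEFECTIVE;
    } else {
        bits = buf[5];
        if (bits & ((1u << unused) - 1))    /* DER: padding bits must be zero */
            return REQFLAGS_DEFECTIVE;
    }

    *flags = bits >> 1;                     /* keep the seven named bits only */
    *consumed = 4 + bl;
    return REQFLAGS_OK;
}

/* Caller-side discipline: act on the flags only when the status is OK.
 * Returns the flags (0..0x7F) or the negative status in one value. */
long req_flags_or_status(const uint8_t *buf, size_t len)
{
    uint32_t flags = 0;
    size_t used = 0;
    reqflags_status st = decode_req_flags(buf, len, &flags, &used);
    return st == REQFLAGS_OK ? (long)flags : (long)st;
}

/* Constructed sample tokens for this example, not captured traffic. */
const uint8_t TOK_ALL_FLAGS[]    = {0xA1, 0x04, 0x03, 0x02, 0x01, 0xFE};
const uint8_t TOK_MUTUAL_INTEG[] = {0xA1, 0x04, 0x03, 0x02, 0x01, 0x42};
const uint8_t TOK_EMPTY[]        = {0xA1, 0x03, 0x03, 0x01, 0x00};
const uint8_t TOK_ABSENT[]       = {0xA0, 0x02, 0x30, 0x00};  /* [0] mechTypes instead */
const uint8_t TOK_BAD_PADDING[]  = {0xA1, 0x04, 0x03, 0x02, 0x01, 0x01};
const uint8_t TOK_TRUNCATED[]    = {0xA1, 0x04, 0x03, 0x02};
const uint8_t TOK_WRONG_TYPE[]   = {0xA1, 0x04, 0x04, 0x02, 0x01, 0xFE}; /* OCTET STRING */

int main(void)
{
    struct { const char *name; const uint8_t *tok; size_t len; } cases[] = {
        {"all flags",    TOK_ALL_FLAGS,    sizeof TOK_ALL_FLAGS},
        {"mutual+integ", TOK_MUTUAL_INTEG, sizeof TOK_MUTUAL_INTEG},
        {"empty",        TOK_EMPTY,        sizeof TOK_EMPTY},
        {"absent",       TOK_ABSENT,       sizeof TOK_ABSENT},
        {"padding set",  TOK_BAD_PADDING,  sizeof TOK_BAD_PADDING},
        {"truncated",    TOK_TRUNCATED,    sizeof TOK_TRUNCATED},
        {"wrong type",   TOK_WRONG_TYPE,   sizeof TOK_WRONG_TYPE},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        long r = req_flags_or_status(cases[i].tok, cases[i].len);
        if (r >= 0)
            printf("%-13s flags=0x%02lx\n", cases[i].name, r);
        else
            printf("%-13s %s\n", cases[i].name,
                   r == REQFLAGS_ABSENT ? "absent (ignored)" : "DEFECTIVE (reject)");
    }
    return 0;
}
```

The decoder accepts the two DER shapes a seven-bit named BIT STRING can legitimately take (one flags octet with one or more unused bits, or the empty string) and rejects a wrong inner type, a length that disagrees with the buffer, more than seven unused bits, and non-zero padding. Absence is distinguished from malformation because RFC 4178 makes reqFlags optional; a receiver may ignore a missing field but must not proceed on a broken one.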
Covered now in upstream security advisory:
Final upstream patch differs from the previous one:
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:0408 https://rhn.redhat.com/errata/RHSA-2009-0408.html
krb5-1.6.3-16.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
krb5-1.6.3-18.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux: