The MIT krb5 implementation of the SPNEGO GSS-API mechanism can read beyond the end of a network input buffer. This can cause a GSS-API application to crash by reading from invalid address space. Under theoretically possible but very unlikely conditions, a small information leak may occur. We believe that no successful exploit exists that could induce an information leak.
The affected code is not in versions older than krb5 1.5, so only RHEL5 is affected (krb5 1.3.4 is in RHEL4).
Created attachment 335792: patch to fix MITKRB5-SA-2009-001 issues (CVE-2009-{0844,0845,0847})
This patch corrects CVE-2009-0844, CVE-2009-0845, and CVE-2009-0846. Provided by upstream.
CVE-2009-0845 was previously disclosed, see bug #490634.
Created attachment 337997: Updated upstream patch
Upstream has updated the patch for CVE-2009-0844 and CVE-2009-0845, fixing a limited buffer over-read possible with the previous patch. A few extra checks were added, and the patch for CVE-2009-0845 was changed to provide an error token.
Public now via: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:0408 https://rhn.redhat.com/errata/RHSA-2009-0408.html
krb5-1.6.3-16.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
krb5-1.6.3-18.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2009-0408.html
Fedora:
https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2852
https://admin.fedoraproject.org/updates/F9/FEDORA-2009-2834