An ASN.1 decoder can free an uninitialized pointer when decoding an invalid encoding. This can cause a Kerberos application to crash, or, under theoretically possible but unlikely circumstances, execute arbitrary malicious code. No exploit is known to exist that would cause arbitrary code execution. This is an implementation vulnerability in MIT krb5, and is not a vulnerability in the Kerberos protocol.
Created attachment 335794 upstream patch to fix MITKRB5-SA-2009-002 issue (CVE-2009-0846)
This flaw can easily allow an attacker to crash an affected application. Code execution depends on the ability to exploit free() called on an uninitialized pointer. glibc on Red Hat Enterprise Linux 4 and later provides hardened malloc/free implementations, greatly mitigating the possibility of exploitation of this flaw. Red Hat Enterprise Linux 2.1 and 3 do not offer such hardening, resulting in a higher impact rating for those versions.
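The failure mode described above, shown as an added C example that is not MIT krb5 code and not the upstream patch: a toy DER record decoder whose error path frees its output pointers, hardened by setting them to NULL before the first step that can fail. The names `decode_octets`, `decode_record` and `struct record`, and the sample byte strings, are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample inputs: two DER OCTET STRINGs; BAD has a wrong second tag. */
const unsigned char SAMPLE_GOOD[] = {0x04, 3, 'b', 'o', 'b', 0x04, 2, 'E', 'X'};
const unsigned char SAMPLE_BAD[]  = {0x04, 3, 'b', 'o', 'b', 0x18, 2, 'E', 'X'};

struct record { char *name; char *realm; };   /* hypothetical output type */

/* Decode one short-form OCTET STRING into a malloc'd C string.
 * On failure *out is left untouched. */
static int decode_octets(const unsigned char *buf, size_t len, char **out)
{
    if (len < 2 || buf[0] != 0x04) return -1;      /* unexpected tag */
    size_t n = buf[1];
    if (n >= 0x80 || n > len - 2) return -1;       /* long form or truncated */
    char *s = malloc(n + 1);
    if (s == NULL) return -1;
    memcpy(s, buf + 2, n);
    s[n] = '\0';
    *out = s;
    return 0;
}

int decode_record(const unsigned char *buf, size_t len, struct record *r)
{
    size_t used;
    /* The fix: define every pointer the error path frees before anything can
     * fail. Without this line, an invalid field reaches free() with whatever
     * bytes the caller's struct happened to hold. */
    r->name = r->realm = NULL;
    if (decode_octets(buf, len, &r->name) != 0) goto error;
    used = 2 + (size_t)buf[1];
    if (decode_octets(buf + used, len - used, &r->realm) != 0) goto error;
    return 0;
error:
    free(r->name);            /* free(NULL) is a no-op */
    free(r->realm);
    r->name = r->realm = NULL;
    return -1;
}

int main(void)
{
    struct record r;          /* deliberately not zeroed by the caller */
    int rc = decode_record(SAMPLE_BAD, sizeof SAMPLE_BAD, &r);
    printf("invalid encoding -> rc=%d, name=%p\n", rc, (void *)r.name);
    return rc == -1 ? 0 : 1;
}
```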
Public now via: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt
This issue has been addressed in the following products: Red Hat Enterprise Linux 5, via RHSA-2009:0408 https://rhn.redhat.com/errata/RHSA-2009-0408.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 4, via RHSA-2009:0409 https://rhn.redhat.com/errata/RHSA-2009-0409.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, via RHSA-2009:0410 https://rhn.redhat.com/errata/RHSA-2009-0410.html
krb5-1.6.3-16.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
krb5-1.6.3-18.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2009-0408.html
  http://rhn.redhat.com/errata/RHSA-2009-0410.html
  http://rhn.redhat.com/errata/RHSA-2009-0409.html

Fedora:
  https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2852
  https://admin.fedoraproject.org/updates/F9/FEDORA-2009-2834