VMSA-2009-0008 : ESX Service Console update for krb5

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESX host is missing a security-related patch.

Description :

a. Service Console package krb5 update

Kerberos is a network authentication protocol. It is designed to
provide strong authentication for client/server applications by
using secret-key cryptography.

An input validation flaw in the asn1_decode_generaltime function in
MIT Kerberos 5 before 1.6.4 allows remote attackers to cause a
denial of service or possibly execute arbitrary code via vectors
involving an invalid DER encoding that triggers a free of an
uninitialized pointer.

A remote attacker could use this flaw to crash a network service
using the MIT Kerberos library, such as kadmind or krb5kdc, by
causing it to dereference or free an uninitialized pointer or,
possibly, execute arbitrary code with the privileges of the user
running the service.

NOTE: ESX by default is unaffected by this issue, the daemons
kadmind and krb5kdc are not installed in ESX.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0846 to this issue.

In addition the ESX 4.0 Service Console krb5 package was also
updated for CVE-2009-0845, and CVE-2009-0844 and RHBA-2009-0135.

MIT Kerberos versions 5 1.5 through 1.6.3 might allow remote
attackers to cause a denial of service by using invalid
ContextFlags data in the reqFlags field in a negTokenInit token.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-0845 to this issue.

MIT Kerberos 5 before version 1.6.4 might allow remote attackers to
cause a denial of service or possibly execute arbitrary code by
using vectors involving an invalid DER encoding that triggers a
free of an uninitialized pointer.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-0846 to this issue.

For ESX 4.0, 3.5, 3.0.3 the Service Console package pam_krb5 has
also been upgraded. For details on the non-security issues that
this upgrade addresses, refer to the respective KB article listed
in section 4 below.

See also :

http://lists.vmware.com/pipermail/security-announce/2009/000063.html

Solution :

Apply the missing patch.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 40393 ()

Bugtraq ID: 34257
34409

CVE ID: CVE-2009-0844
CVE-2009-0845
CVE-2009-0846