OracleVM 2.1 : krb5 (OVMSA-2009-0003)

Critical Nessus Plugin ID 79452

VPR Score: 5.9


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates:

CVE-2009-0844: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.

CVE-2009-0845: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.

CVE-2009-0846: The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

- update to revised patch for (CVE-2009-0844, CVE-2009-0845)

- add fix for potential buffer read overrun in the SPNEGO GSSAPI mechanism (#490635, CVE-2009-0844)

- add fix for NULL pointer dereference when handling certain error cases in the SPNEGO GSSAPI mechanism (#490635, CVE-2009-0845)

- add fix for attempt to free uninitialized pointer in the ASN.1 decoder (#490635, CVE-2009-0846)

- add fix for bug in length validation in the ASN.1 decoder (CVE-2009-0847)

- add backport of svn patch to fix a bug in how the gssapi library handles certain error cases in gss_accept_sec_context (CVE-2009-0845,

- add a backported patch which adds a check on credentials obtained from a foreign realm to make sure that they're of an acceptable type, and if not, retry the request to get one of the right type (Sadique Puthen,

- backport fix from 1.6.3 to register file-based ccaches created with the krb5_cc_new_unique function with the global list, so that we don't crash when we go to close the ccache (#468729)


Update the affected krb5-libs / krb5-server / krb5-workstation packages.

Plugin Details

Severity: Critical

ID: 79452

File Name: oraclevm_OVMSA-2009-0003.nasl

Version: 1.8

Type: local

Published: 2014/11/26

Updated: 2021/01/14

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 5.9

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:krb5-libs, p-cpe:/a:oracle:vm:krb5-server, p-cpe:/a:oracle:vm:krb5-workstation, cpe:/o:oracle:vm_server:2.1

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/04/16

Vulnerability Publication Date: 2009/03/27

Reference Information

CVE: CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847

BID: 34257, 34408, 34409

CWE: 20, 119, 189