OracleVM 2.1 : krb5 (OVMSA-2009-0003)

critical Nessus Plugin ID 79452


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates:

- CVE-2009-0844: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.

- CVE-2009-0845: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.

- CVE-2009-0846: The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

- update to revised patch for (CVE-2009-0844, CVE-2009-0845)

- add fix for potential buffer read overrun in the SPNEGO GSSAPI mechanism (#490635, CVE-2009-0844)

- add fix for NULL pointer dereference when handling certain error cases in the SPNEGO GSSAPI mechanism (#490635, CVE-2009-0845)

- add fix for attempt to free uninitialized pointer in the ASN.1 decoder (#490635, CVE-2009-0846)

- add fix for bug in length validation in the ASN.1 decoder (CVE-2009-0847)

- add backport of svn patch to fix a bug in how the gssapi library handles certain error cases in gss_accept_sec_context (CVE-2009-0845,

- add a backported patch which adds a check on credentials obtained from a foreign realm to make sure that they're of an acceptable type, and if not, retry the request to get one of the right type (Sadique Puthen,

- backport fix from 1.6.3 to register file-based ccaches created with the krb5_cc_new_unique function with the global list, so that we don't crash when we go to close the ccache (#468729)


Update the affected krb5-libs / krb5-server / krb5-workstation packages.

Plugin Details

Severity: Critical

ID: 79452

File Name: oraclevm_OVMSA-2009-0003.nasl

Version: 1.8

Type: local

Published: 11/26/2014

Updated: 1/14/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Medium

Score: 5.9


CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:krb5-libs, p-cpe:/a:oracle:vm:krb5-server, p-cpe:/a:oracle:vm:krb5-workstation, cpe:/o:oracle:vm_server:2.1

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/16/2009

Vulnerability Publication Date: 3/27/2009

Reference Information

CVE: CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847

BID: 34257, 34408, 34409

CWE: 20, 119, 189