CVE-2009-0847

Publication date 9 April 2009

Last updated 24 July 2024

Ubuntu priority

The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
krb5	8.10 intrepid	Fixed 1.6.dfsg.4~beta1-3ubuntu0.1
	8.04 LTS hardy	Fixed 1.6.dfsg.3~beta1-2ubuntu1.1
	7.10 gutsy	Fixed 1.6.dfsg.1-7ubuntu0.2
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-755-1
Kerberos vulnerabilities
7 April 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-0847