CVE-2009-4212

Published: 12 January 2010

Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.

Priority

Status

Package	Release	Status
krb5 Launchpad, Ubuntu, Debian	upstream	Released (1.7.1)
	dapper	Released (1.4.3-5ubuntu0.10)
	hardy	Released (1.6.dfsg.3~beta1-2ubuntu1.3)
	intrepid	Released (1.6.dfsg.4~beta1-3ubuntu0.3)
	jaunty	Released (1.6.dfsg.4~beta1-5ubuntu2.2)
	karmic	Released (1.7dfsg~beta3-1ubuntu0.3)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212
https://ubuntu.com/security/notices/USN-881-1
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›