admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2009/CVE-2009-42xx/CVE-2009-4212.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

309 lines
11 KiB
JSON
Raw Blame History

{
"id": "CVE-2009-4212",
"sourceIdentifier": "cve@mitre.org",
"published": "2010-01-13T19:30:00.607",
"lastModified": "2020-01-21T15:45:49.680",
"vulnStatus": "Modified",
"cveTags": [],
"evaluatorSolution": "Per: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt\r\n\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.7.1 and krb5-1.6.4 releases will contain a fix\r\n for this vulnerability.\r\n\r\n* For the krb5-1.7 release, apply the patch available at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt.asc\r\n\r\n\r\n* For the krb5-1.6 releases, apply the patch available at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt.asc\r\n\r\n* The krb5-1.6.3 patch might apply successfully to older releases.\r\n",
"evaluatorImpact": "Per: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt\r\n\r\n\r\n\"Only releases krb5-1.3 and later are vulnerable, as\r\nearlier releases did not contain the functionality implemented by the\r\nvulnerable code.\r\n\r\nThis is an implementation vulnerability in MIT krb5, and is not a\r\nvulnerability in the Kerberos protocol.\"",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de desbordamiento de entero en la funcionalidad de desencriptado AES y RC4 en la biblioteca crypto en MIT Kerberos 5 (tambi\u00e9n conocido comokrb5) v1.3 a la v1.6.3, y 1.7 anterior a v1.7.1, permite a atacantes remotos provocar una denegaci\u00f3n de servici\u00f3n (ca\u00edda de demonio) o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n facilitando texto cifrado (ciphertext) con un tama\u00f1o menor al v\u00e1lido."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-189"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "032730AE-1E53-4CA2-96FD-AD60CD27F3CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F01A83F-3BD1-4DED-979A-B4B6B23039FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACEB5A36-8F72-417A-AC92-149612EC7BCB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8704B5-F37B-4C61-A924-3774A29BFEB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F953CEBA-BAC0-48DF-A3D0-1FABCC9963E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED81A044-8A7B-4EEF-A4B3-EA49D76FAAED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "30AA5727-BD83-45CF-B308-BA5F8A577B9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E088E64-6FBD-4148-8F78-506364B7BB1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52F0EECF-7787-442B-9888-D22F7D36C3DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF344AED-BE00-4A9B-A9DE-C6FB0BEE4617"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "567406CA-58D8-453E-B36E-6D1D2EFC8EB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7830E03F-A813-4E35-893E-BF27395CEFB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7764411E-C056-4696-822E-235F2620FAC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD315AE-868B-4061-BF01-CDBF59B02499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B639DD5F-71C7-4D9B-BA5C-51CAF64140B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B904DCE-D59F-45C7-A814-DE42CF02792D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9957FE9E-1E89-4C27-852C-44F866A1834E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C382DAA-68D2-4DD9-BE29-8EEB0BAF1A7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73BB258E-51CF-4D12-836B-BCEA587A3F5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F81DE01C-BA3B-40B4-BD85-17692F0AF8A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB1190E-BE7A-4C6B-862D-D5747C64E980"
}
]
}
]
}
],
"references": [
{
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html",
"source": "cve@mitre.org"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html",
"source": "cve@mitre.org"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html",
"source": "cve@mitre.org"
},
{
"url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/38080",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/38108",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/38126",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/38140",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/38184",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/38203",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/38696",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/40220",
"source": "cve@mitre.org"
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1",
"source": "cve@mitre.org"
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1",
"source": "cve@mitre.org"
},
{
"url": "http://support.apple.com/kb/HT4188",
"source": "cve@mitre.org"
},
{
"url": "http://support.avaya.com/css/P8/documents/100074869",
"source": "cve@mitre.org"
},
{
"url": "http://ubuntu.com/usn/usn-881-1",
"source": "cve@mitre.org"
},
{
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://www.debian.org/security/2010/dsa-1969",
"source": "cve@mitre.org"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:006",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/37749",
"source": "cve@mitre.org"
},
{
"url": "http://www.securitytracker.com/id?1023440",
"source": "cve@mitre.org"
},
{
"url": "http://www.vupen.com/english/advisories/2010/0096",
"source": "cve@mitre.org"
},
{
"url": "http://www.vupen.com/english/advisories/2010/0129",
"source": "cve@mitre.org"
},
{
"url": "http://www.vupen.com/english/advisories/2010/1481",
"source": "cve@mitre.org"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272",
"source": "cve@mitre.org"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357",
"source": "cve@mitre.org"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192",
"source": "cve@mitre.org"
},
{
"url": "https://rhn.redhat.com/errata/RHSA-2010-0029.html",
"source": "cve@mitre.org"
},
{
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink