Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability bulletin CVE-2009-0845

MIT krb5: denial of service via SPNEGO

Synthesis of the vulnerability

An attacker can use a SPNEGO authentication in order to stop MIT Kerberos.
Severity: 2/4.
Creation date: 26/03/2009.

Impacted products

Description of the vulnerability

The SPNEGO (Simple and Protected GSSAPI NEGOtiation Mechanism, RFC 4178) mechanism is used to negotiate an authentication protocol. The MIT Kerberos server implements SPNEGO.

Two token types are defined: negTokenInit and negTokenResp. The NegTokenInit token contains a bit field named ContextFlags.

When the Kerberos client sends a NegTokenInit with an invalid ContextFlags flag, a NULL pointer is dereferenced in the spnego_gss_accept_sec_context() function of the lib/gssapi/spnego/spnego_mech.c file. This error stops the MIT Kerberos server.

An attacker can therefore use a malicious SPNEGO authentication in order to stop MIT Kerberos.

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter Yahoo 

Complete Vigil@nce bulletin

MIT krb5: denial of service via SPNEGO

Characteristics

Title: MIT krb5: denial of service via SPNEGO.
Keywords: 4178 ContextFlags GSSAPI Kerberos MIT Mechanism NEGOtiation NULL NegTokenInit Protected RFC SPNEGO Simple denial krb5 negTokenInit negTokenResp service spnego_gss_accept_sec_context spnego_mech.
Identifiers: 256728, 6822062, 6822066, BID-34257, CVE-2009-0845, DSA 1766-1, FEDORA-2009-2834, FEDORA-2009-2852, MDVSA-2009:082, MITKRB5-SA-2009-001, MITKRB5-SA-2009-002, SUSE-SA:2009:019, VIGILANCE-VUL-8568, VMSA-2010-0016, VMSA-2010-0016.1.
Pointed by: VIGILANCE-VUL-8608.

Information sources

Publications and announces
Source example: Ticket #6402 CVE-2009-0845 SPNEGO can dereference a null pointer

Solutions for this vulnerability

Patch or workaround

Computer vulnerabilities tracking service

Vigil@nce provides a systems vulnerabilities alert. The technology watch team tracks security threats targeting the computer system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.



















Copyright 1999-2012 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française