CVE-2009-0846

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

🔗 References (100)

• cve@mitrehttp://lists.apple.com/archives/security-announce/2009/May/msg00002.html
• cve@mitrehttp://lists.vmware.com/pipermail/security-announce/2009/000059.html
• cve@mitrehttp://marc.info/?l=bugtraq&m=124896429301168&w=2
• cve@mitrehttp://marc.info/?l=bugtraq&m=130497213107107&w=2
• cve@mitrehttp://rhn.redhat.com/errata/RHSA-2009-0409.html
• cve@mitrehttp://rhn.redhat.com/errata/RHSA-2009-0410.html
• cve@mitrehttp://secunia.com/advisories/34594
• cve@mitrehttp://secunia.com/advisories/34598
• cve@mitrehttp://secunia.com/advisories/34617
• cve@mitrehttp://secunia.com/advisories/34622
• cve@mitrehttp://secunia.com/advisories/34628
• cve@mitrehttp://secunia.com/advisories/34630
• cve@mitrehttp://secunia.com/advisories/34637
• cve@mitrehttp://secunia.com/advisories/34640
• cve@mitrehttp://secunia.com/advisories/34734