CVE-2009-0847

Name of the Vulnerable Software and Affected Versions krb5 versions prior to 1.6.3 mit-krb5 versions prior to 1.6.3-r6 SUSE Linux Enterprise (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the krb5 package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the asn1buf imbed function in the ASN.1 decoder in MIT Kerberos 5, when PK-INIT is used, allows remote attackers to cause a denial of service via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.

Recommendations For krb5 versions prior to 1.6.3, update to version 1.6.3 or later to resolve the issue. For mit-krb5 versions prior to 1.6.3-r6, update to version 1.6.3-r6 or later to resolve the issue. For SUSE Linux Enterprise, at the moment, there is no information about a newer version that contains a fix for this vulnerability.