VMware Security Advisory - An input validation flaw in the asn1_decode_generaltime function in MIT Kerberos 5 before 1.6.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
4f0734141a168fd7c0c58057eb4527e3-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0008
Synopsis: ESX Service Console update for krb5
Issue date: 2009-06-30
Updated on: 2009-06-30 (initial release of advisory)
CVE numbers: CVE-2009-0846
- ------------------------------------------------------------------------
1. Summary
Service Console package krb5 has been updated to version
krb5-1.2.7-70.
2. Relevant releases
VMware ESX 3.5.0 without patch ESX350-200906407-SG
3. Problem Description
a. Service Console package krb5 update to version krb5-1.2.7-70
Kerberos is a network authentication protocol. It is designed to
provide strong authentication for client/server applications by
using secret-key cryptography.
An input validation flaw in the asn1_decode_generaltime function in
MIT Kerberos 5 before 1.6.4 allows remote attackers to cause a
denial of service or possibly execute arbitrary code via vectors
involving an invalid DER encoding that triggers a free of an
uninitialized pointer.
A remote attacker could use this flaw to crash a network service
using the MIT Kerberos library, such as kadmind or krb5kdc, by
causing it to dereference or free an uninitialized pointer or,
possibly, execute arbitrary code with the privileges of the user
running the service.
NOTE: ESX by default is unaffected by this issue, the daemons
kadmind and krb5kdc are not installed in ESX.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0846 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX ESX350-200906407-SG
ESX 3.0.3 ESX affected, patch pending
ESX 3.0.2 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX
---
ESX 3.5.0 ESX350-200906407-SG
http://download3.vmware.com/software/vi/ESX350-200906407-SG.zip
md5sum: 6b8079430b0958abbf77e944a677ac6b
http://kb.vmware.com/kb/1011801
5. References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846
- ------------------------------------------------------------------------
6. Change log
2009-06-30 VMSA-2009-0008
Initial security advisory after release of patches for ESX 3.5 on
2009-06-30.
- -----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2009 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8
wj8DBQFKSwuTS2KysvBH1xkRAoUdAJ9p880DOAAa1Eey+EhEYJKQwuHLtgCfVBku
2uDpvVwMPaKZA6dcNPJxENc=
=GMve
-----END PGP SIGNATURE-----
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!