Computer Security
[EN] securityvulns.ru no-pyccku


MIT Kerberos 5 integer overflows
Published:17.01.2010
Source:
SecurityVulns ID:10517
Type:remote
Threat Level:
6/10
Description:Integer overflows on RC4 and AES decription.
Affected:MIT : krb5 1.6
 MIT : krb5 1.7
CVE:CVE-2009-4212 (Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.)
Original documentdocumentMIT, MITKRB5-SA-2009-004 [CVE-2009-4212] integer underflow in AES and RC4 decryption (17.01.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod