Oval Definition:oval:org.mitre.oval:def:6387
Revision Date:2015-04-20
Version:26
Title:HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code
Description:The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.
Family:unix
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2009-0847
Platform(s):HP-UX 11
Product(s):
Definition Synopsis
  • Criteria meets HP Security Bulletin HPSBUX02421
    • HP-UX B.11.23
    • AND filesets tests
      • krb5client.KRB5-64SLIB-A version is less than D.1.6.2.01
      • OR krb5client.KRB5-PRG-A version is less than D.1.6.2.01
      • OR krb5client.KRB5-RUN-A version is less than D.1.6.2.01
      • OR krb5client.KRB5-SHLIB-A version is less than D.1.6.2.01
      • OR krb5client.KRB5IA32SLIB-A version is less than D.1.6.2.01
      • OR krb5client.KRB5IA64SLIB-A version is less than D.1.6.2.01
  • OR Criteria meets HP Security Bulletin HPSBUX02421
    • HP-UX B.11.11
    • AND filesets tests
      • krb5client.KRB5-64SLIB-A version is less than C.1.3.5.09
      • OR krb5client.KRB5-PRG-A version is less than C.1.3.5.09
      • OR krb5client.KRB5-RUN-A version is less than C.1.3.5.09
      • OR krb5client.KRB5-SHLIB-A version is less than C.1.3.5.09
  • OR Criteria meets HP Security Bulletin HPSBUX02421
    • HP-UX B.11.31
    • AND filesets tests
      • krb5client.KRB5-64SLIB-A version is less than E.1.6.2.03
      • OR krb5client.KRB5-PRG-A version is less than E.1.6.2.03
      • OR krb5client.KRB5-RUN-A version is less than E.1.6.2.03
      • OR krb5client.KRB5-SHLIB-A version is less than E.1.6.2.03
      • OR krb5client.KRB5IA32SLIB-A version is less than E.1.6.2.03
      • OR krb5client.KRB5IA64SLIB-A version is less than E.1.6.2.03