Oval Definition:oval:org.mitre.oval:def:8192
Revision Date:2010-06-07
Version:17
Title:Integer Overflow Security Vulnerability in AES and RC4 Decryption in the Solaris Kerberos Crypto Library May Lead to Execution of Arbitrary Code or a Denial of Service (DoS)
Description:Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
Family:unix
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2009-4212
Platform(s):Sun Solaris 10
Product(s):
Definition Synopsis
  • Software Section
  • Solaris 10 (SPARC) meets Sun Alert 275530
  • Solaris 10 (SPARC) is installed
  • AND NOT Patch 141500-06 or later installed
  • OR Solaris 10 (x86) meets Sun Alert 275530
  • Solaris 10 (x86) is installed
  • AND NOT Patch 141501-07 or later installed
  • AND /etc/krb5/krb5.conf is configured with a kerberos domain