CVE Identifier: CVE-2009-4212
Summary: krb: KDC integer overflows in AES and RC4 decryption routines (MITKRB5-SA-2009-004)
Keywords: Security
Status: CLOSED ERRATA
Priority: urgent
Severity: urgent
OS: Linux
Component: vulnerability
Description:
- Integer underflow flaws in the MIT Kerberos Key Distribution Center (KDC) decryption routines for the AES and RC4 encryption types: a ciphertext whose length is too short to be valid is not rejected before the plaintext length is computed, so the unsigned subtraction wraps to a huge value.
- Results in heap-based memory corruption, leading to a denial of service (KDC crash) or possibly arbitrary code execution.
Affected Products:
- Red Hat Enterprise Linux versions 3, 4, 4.7 Z Stream, 5, 5.2 Z Stream, and 5.3.Z (Server only)
Public Advisory: MITKRB5-SA-2009-004.txt
Patches Available: patch_1.7.txt, patch_1.6.3.txt
RHSA: RHSA-2010:0029
Fixed in Fedora:
- krb5-1.7-18.fc12 (Fedora 12)
- krb5-1.6.3-23.fc11 (Fedora 11)
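Added illustration of the bug class behind this entry (not MIT krb5 code and not the vendor patch): an unsigned length subtraction in a decryption routine that is performed before checking that the ciphertext is long enough to hold the confounder and integrity tag. The framing (ciphertext = confounder || payload || tag), the confounder and tag sizes, and every function and constant name below are assumptions made for this example; the cipher and HMAC steps are omitted so that only the length handling is shown, and the vulnerable length is computed but never passed to memcpy.

```c
/*
 * Added example for the integer-underflow pattern in CVE-2009-4212.
 * Not MIT krb5 code; layout constants and names are assumptions for the demo.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Assumed message framing for the demo: confounder || payload || tag. */
enum { AES_CONF_LEN = 16, AES_TAG_LEN = 12 };   /* assumed sizes, AES-style */
enum { RC4_CONF_LEN = 8,  RC4_TAG_LEN = 16 };   /* assumed sizes, RC4-style */

enum { DEMO_OK = 0, DEMO_BAD_MSIZE = 1, DEMO_BUF_TOO_SMALL = 2 };

/* Vulnerable pattern: when ctlen < conf_len + tag_len the unsigned subtraction
 * wraps to a value near SIZE_MAX. A following malloc/memcpy driven by that
 * length is what turns an undersized packet into heap corruption. */
size_t plaintext_len_unchecked(size_t ctlen, size_t conf_len, size_t tag_len)
{
    return ctlen - conf_len - tag_len;
}

/* Hardened pattern: reject undersized input before any arithmetic. */
int plaintext_len_checked(size_t ctlen, size_t conf_len, size_t tag_len,
                          size_t *out)
{
    if (ctlen < conf_len + tag_len)
        return DEMO_BAD_MSIZE;
    *out = ctlen - conf_len - tag_len;
    return DEMO_OK;
}

/* Hardened "decrypt" skeleton: validates the input length and the output
 * capacity, then copies the payload region. Real code would decrypt and
 * verify the tag at this point; only the bounds handling is shown here. */
int extract_payload_checked(const uint8_t *ct, size_t ctlen,
                            size_t conf_len, size_t tag_len,
                            uint8_t *out, size_t outcap, size_t *outlen)
{
    size_t n;
    int rc = plaintext_len_checked(ctlen, conf_len, tag_len, &n);
    if (rc != DEMO_OK)
        return rc;
    if (n > outcap)
        return DEMO_BUF_TOO_SMALL;
    memcpy(out, ct + conf_len, n);
    *outlen = n;
    return DEMO_OK;
}

int main(void)
{
    /* Constructed sample: a 5-byte "ciphertext", shorter than the assumed
     * 16-byte confounder plus 12-byte tag, so no valid payload can exist. */
    static const uint8_t runt[5] = { 1, 2, 3, 4, 5 };
    uint8_t out[64];
    size_t n = 0;

    printf("unchecked length for 5-byte input: %zu\n",
           plaintext_len_unchecked(sizeof runt, AES_CONF_LEN, AES_TAG_LEN));
    printf("checked path rc=%d (1 = bad message size)\n",
           extract_payload_checked(runt, sizeof runt, AES_CONF_LEN, AES_TAG_LEN,
                                   out, sizeof out, &n));
    return 0;
}
```

The check has to happen on the raw input length before the subtraction; clamping or validating the computed length afterwards is too late, since the wrapped value already looks like an ordinary large size to the allocator and to memcpy.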