CVSSv3: 7.5

CVE-2008-0063

Published: 19/03/2008 Updated: 09/02/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 383
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote malicious users to obtain sensitive information, aka "Uninitialized stack values."

Vulnerable Products

mit kerberos 5

apple mac os x

apple mac os x server

opensuse opensuse 10.2

opensuse opensuse 10.3

suse linux enterprise software development kit 10

suse linux enterprise server 10

suse linux enterprise desktop 10

suse linux 10.1

debian debian linux 3.1

debian debian linux 4.0

canonical ubuntu linux 7.04

canonical ubuntu linux 7.10

canonical ubuntu linux 6.10

canonical ubuntu linux 6.06

fedoraproject fedora 8

fedoraproject fedora 7

Vendor Advisories

It was discovered that krb5 did not correctly handle certain krb4 requests. An unauthenticated remote attacker could exploit this flaw by sending specially crafted traffic, which could expose sensitive information, cause a crash, or execute arbitrary code (CVE-2008-0062, CVE-2008-0063) ...
Several remote vulnerabilities have been discovered in the kdc component of krb5, a system for authenticating users and services on a network. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0062 An unauthenticated remote attacker may cause a krb4-enabled KDC to crash, expose information, or execute ...

References

CWE-908
http://www.securityfocus.com/archive/1/489761
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
http://www.mandriva.com/security/advisories?name=MDVSA-2008:071
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
http://www.ubuntu.com/usn/usn-587-1
http://secunia.com/advisories/29428
http://secunia.com/advisories/29438
http://wiki.rpath.com/Advisories:rPSA-2008-0112
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
http://www.debian.org/security/2008/dsa-1524
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
http://www.redhat.com/support/errata/RHSA-2008-0164.html
http://www.redhat.com/support/errata/RHSA-2008-0180.html
http://www.redhat.com/support/errata/RHSA-2008-0181.html
http://www.securityfocus.com/bid/28303
http://www.securitytracker.com/id?1019627
http://secunia.com/advisories/29420
http://secunia.com/advisories/29435
http://secunia.com/advisories/29450
http://secunia.com/advisories/29451
http://secunia.com/advisories/29457
http://secunia.com/advisories/29464
http://secunia.com/advisories/29423
http://secunia.com/advisories/29462
http://secunia.com/advisories/29516
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
http://secunia.com/advisories/29663
http://secunia.com/advisories/29424
http://www.redhat.com/support/errata/RHSA-2008-0182.html
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://secunia.com/advisories/30535
http://www.vupen.com/english/advisories/2008/0922/references
http://www.vupen.com/english/advisories/2008/1744
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1102/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41277
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916
http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://www.securityfocus.com/archive/1/489883/100/0/threaded
https://usn.ubuntu.com/587-1/
https://nvd.nist.gov
https://www.kb.cert.org/vuls/id/895609