CVE-2008-0063

Published: Mar 19, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

ADV-2008-1744

vdb-entry

x_refsource_VUPEN

29457

third-party-advisory

x_refsource_SECUNIA

MDVSA-2008:069

vendor-advisory

x_refsource_MANDRIVA

29464

third-party-advisory

x_refsource_SECUNIA

GLSA-200803-31

vendor-advisory

x_refsource_GENTOO

krb5-kdc-kerberos4-info-disclosure(41277)

vdb-entry

x_refsource_XF

FEDORA-2008-2637

vendor-advisory

x_refsource_FEDORA

MDVSA-2008:071

vendor-advisory

x_refsource_MANDRIVA

http://wiki.rpath.com/Advisories:rPSA-2008-0112

x_refsource_CONFIRM

1019627

vdb-entry

x_refsource_SECTRACK

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html

x_refsource_CONFIRM

29451

third-party-advisory

x_refsource_SECUNIA

29663

third-party-advisory

x_refsource_SECUNIA

FEDORA-2008-2647

vendor-advisory

x_refsource_FEDORA

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112

x_refsource_CONFIRM

29438

third-party-advisory

x_refsource_SECUNIA

http://www.vmware.com/security/advisories/VMSA-2008-0009.html

x_refsource_CONFIRM

ADV-2008-0924

vdb-entry

x_refsource_VUPEN

RHSA-2008:0164

vendor-advisory

x_refsource_REDHAT

MDVSA-2008:070

vendor-advisory

x_refsource_MANDRIVA

ADV-2008-0922

vdb-entry

x_refsource_VUPEN

29450

third-party-advisory

x_refsource_SECUNIA

29435

third-party-advisory

x_refsource_SECUNIA

20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation

mailing-list

x_refsource_BUGTRAQ

29428

third-party-advisory

x_refsource_SECUNIA

29420

third-party-advisory

x_refsource_SECUNIA

DSA-1524

vendor-advisory

x_refsource_DEBIAN

30535

third-party-advisory

x_refsource_SECUNIA

APPLE-SA-2008-03-18

vendor-advisory

x_refsource_APPLE

RHSA-2008:0182

vendor-advisory

x_refsource_REDHAT

oval:org.mitre.oval:def:8916

vdb-entry

signature

x_refsource_OVAL

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html

x_refsource_CONFIRM

20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

mailing-list

x_refsource_BUGTRAQ

RHSA-2008:0180

vendor-advisory

x_refsource_REDHAT

SUSE-SA:2008:016

vendor-advisory

x_refsource_SUSE

29516

third-party-advisory

x_refsource_SECUNIA

29462

third-party-advisory

x_refsource_SECUNIA

29424

third-party-advisory

x_refsource_SECUNIA

http://docs.info.apple.com/article.html?artnum=307562

x_refsource_CONFIRM

RHSA-2008:0181

vendor-advisory

x_refsource_REDHAT

29423

third-party-advisory

x_refsource_SECUNIA

USN-587-1

vendor-advisory

x_refsource_UBUNTU

ADV-2008-1102

vdb-entry

x_refsource_VUPEN

28303

vdb-entry

x_refsource_BID

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt

x_refsource_CONFIRM

20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2008-0063

Description

Affected Products

References