CVE-2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

CVSS v3 7.5 HIGH
CVSS v2.0 4.3 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=307562	Broken Link
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html	Mailing List
http://secunia.com/advisories/29420	Broken Link Vendor Advisory
http://secunia.com/advisories/29423	Broken Link Vendor Advisory
http://secunia.com/advisories/29424	Broken Link Vendor Advisory
http://secunia.com/advisories/29428	Broken Link Vendor Advisory
http://secunia.com/advisories/29435	Broken Link Vendor Advisory
http://secunia.com/advisories/29438	Broken Link Vendor Advisory
http://secunia.com/advisories/29450	Broken Link Vendor Advisory
http://secunia.com/advisories/29451	Broken Link Vendor Advisory
http://secunia.com/advisories/29457	Broken Link Vendor Advisory
http://secunia.com/advisories/29462	Broken Link Vendor Advisory
http://secunia.com/advisories/29464	Broken Link Vendor Advisory
http://secunia.com/advisories/29516	Broken Link Vendor Advisory
http://secunia.com/advisories/29663	Broken Link Vendor Advisory
http://secunia.com/advisories/30535	Broken Link Vendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html	Broken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html	Broken Link
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt	Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0112	Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112	Broken Link
http://www.debian.org/security/2008/dsa-1524	Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069	Patch Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070	Patch Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:071	Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0164.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0180.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0181.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0182.html	Broken Link
http://www.securityfocus.com/archive/1/489761	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/489883/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/493080/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/28303	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1019627	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-587-1	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0009.html	Third Party Advisory
http://www.vupen.com/english/advisories/2008/0922/references	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/0924/references	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/1102/references	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/1744	Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41277	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916	Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html	Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html	Mailing List
http://docs.info.apple.com/article.html?artnum=307562	Broken Link
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html	Mailing List
http://secunia.com/advisories/29420	Broken Link Vendor Advisory
http://secunia.com/advisories/29423	Broken Link Vendor Advisory
http://secunia.com/advisories/29424	Broken Link Vendor Advisory
http://secunia.com/advisories/29428	Broken Link Vendor Advisory
http://secunia.com/advisories/29435	Broken Link Vendor Advisory
http://secunia.com/advisories/29438	Broken Link Vendor Advisory
http://secunia.com/advisories/29450	Broken Link Vendor Advisory
http://secunia.com/advisories/29451	Broken Link Vendor Advisory
http://secunia.com/advisories/29457	Broken Link Vendor Advisory
http://secunia.com/advisories/29462	Broken Link Vendor Advisory
http://secunia.com/advisories/29464	Broken Link Vendor Advisory
http://secunia.com/advisories/29516	Broken Link Vendor Advisory
http://secunia.com/advisories/29663	Broken Link Vendor Advisory
http://secunia.com/advisories/30535	Broken Link Vendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html	Broken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html	Broken Link
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt	Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0112	Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112	Broken Link
http://www.debian.org/security/2008/dsa-1524	Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069	Patch Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070	Patch Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:071	Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0164.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0180.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0181.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0182.html	Broken Link
http://www.securityfocus.com/archive/1/489761	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/489883/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/493080/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/28303	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1019627	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-587-1	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0009.html	Third Party Advisory
http://www.vupen.com/english/advisories/2008/0922/references	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/0924/references	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/1102/references	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/1744	Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41277	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916	Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html	Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html	Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x_server::::::::
	cpe:2.3:o:apple:mac_os_x_server::::::::

Configuration 3 (hide)

OR	cpe:2.3:o:opensuse:opensuse:10.2:::::::*
	cpe:2.3:o:opensuse:opensuse:10.3:::::::*
	cpe:2.3:o:suse:linux:10.1:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1::::::

Configuration 4 (hide)

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:4.0:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*

Configuration 6 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:7:::::::*
	cpe:2.3:o:fedoraproject:fedora:8:::::::*

History

21 Nov 2024, 00:41

09 Feb 2024, 00:35

Information

Published : 2008-03-19 10:44

Updated : 2024-11-21 00:41

NVD link : CVE-2008-0063

Mitre link : CVE-2008-0063

CVE.ORG link : CVE-2008-0063

JSON object : View

Products Affected

mit

kerberos_5

debian

debian_linux

suse

linux
linux_enterprise_server
linux_enterprise_software_development_kit
linux_enterprise_desktop

apple

mac_os_x_server
mac_os_x

opensuse

opensuse

canonical

ubuntu_linux

fedoraproject

fedora

CWE

CWE-908

Use of Uninitialized Resource

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2008-0063

7.5^/10

4.3^/10

Attach tags to `CVE-2008-0063`