The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
21 Nov 2024, 00:41
Type | Values Removed | Values Added |
---|---|---|
References | () http://docs.info.apple.com/article.html?artnum=307562 - Broken Link | |
References | () http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html - Mailing List | |
References | () http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html - Mailing List | |
References | () http://secunia.com/advisories/29420 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29423 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29424 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29428 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29435 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29438 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29450 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29451 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29457 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29462 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29464 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29516 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29663 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/30535 - Broken Link, Vendor Advisory | |
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html - Broken Link | |
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html - Broken Link | |
References | () http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt - Third Party Advisory | |
References | () http://wiki.rpath.com/Advisories:rPSA-2008-0112 - Broken Link | |
References | () http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 - Broken Link | |
References | () http://www.debian.org/security/2008/dsa-1524 - Third Party Advisory | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml - Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 - Patch, Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 - Patch, Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 - Patch, Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0164.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0180.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0181.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0182.html - Broken Link | |
References | () http://www.securityfocus.com/archive/1/489761 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/489883/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/493080/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/28303 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1019627 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/usn-587-1 - Third Party Advisory | |
References | () http://www.vmware.com/security/advisories/VMSA-2008-0009.html - Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2008/0922/references - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/0924/references - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/1102/references - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/1744 - Broken Link, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/41277 - Third Party Advisory, VDB Entry | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916 - Broken Link | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html - Mailing List | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html - Mailing List |
09 Feb 2024, 00:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 7.5 |
CWE | CWE-908 | |
References | () http://docs.info.apple.com/article.html?artnum=307562 - Broken Link | |
References | () http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html - Mailing List | |
References | () http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html - Mailing List | |
References | () http://secunia.com/advisories/29420 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29423 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29424 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29428 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29435 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29438 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29450 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29451 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29457 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29462 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29464 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29516 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29663 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/30535 - Broken Link, Vendor Advisory | |
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html - Broken Link | |
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html - Broken Link | |
References | () http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt - Third Party Advisory | |
References | () http://wiki.rpath.com/Advisories:rPSA-2008-0112 - Broken Link | |
References | () http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 - Broken Link | |
References | () http://www.debian.org/security/2008/dsa-1524 - Third Party Advisory | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml - Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 - Patch, Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 - Patch, Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 - Patch, Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0164.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0180.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0181.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0182.html - Broken Link | |
References | () http://www.securityfocus.com/archive/1/489761 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/489883/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/493080/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/28303 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1019627 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/usn-587-1 - Third Party Advisory | |
References | () http://www.vmware.com/security/advisories/VMSA-2008-0009.html - Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2008/0922/references - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/0924/references - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/1102/references - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/1744 - Broken Link, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/41277 - Third Party Advisory, VDB Entry | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916 - Broken Link | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html - Mailing List | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html - Mailing List | |
CPE | cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:* |
cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:* cpe:2.3:o:suse:linux:10.1:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* |
First Time |
Suse linux Enterprise Server
Canonical ubuntu Linux Debian Debian debian Linux Fedoraproject fedora Suse Opensuse opensuse Fedoraproject Suse linux Enterprise Desktop Suse linux Enterprise Software Development Kit Suse linux Opensuse Canonical |
Information
Published : 2008-03-19 10:44
Updated : 2024-11-21 00:41
NVD link : CVE-2008-0063
Mitre link : CVE-2008-0063
CVE.ORG link : CVE-2008-0063
JSON object : View
Products Affected
canonical
- ubuntu_linux
suse
- linux
- linux_enterprise_server
- linux_enterprise_software_development_kit
- linux_enterprise_desktop
opensuse
- opensuse
fedoraproject
- fedora
debian
- debian_linux
mit
- kerberos_5
apple
- mac_os_x_server
- mac_os_x
CWE
CWE-908
Use of Uninitialized Resource