The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
09 Feb 2024, 00:35
Type | Values Removed | Values Added |
---|---|---|
References | () http://docs.info.apple.com/article.html?artnum=307562 - Broken Link | |
References | () http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html - Mailing List | |
References | () http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html - Mailing List | |
References | () http://secunia.com/advisories/29420 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29423 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29424 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29428 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29435 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29438 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29450 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29451 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29457 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29462 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29464 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29516 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29663 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/30535 - Broken Link, Vendor Advisory | |
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html - Broken Link | |
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html - Broken Link | |
References | () http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt - Third Party Advisory | |
References | () http://wiki.rpath.com/Advisories:rPSA-2008-0112 - Broken Link | |
References | () http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 - Broken Link | |
References | () http://www.debian.org/security/2008/dsa-1524 - Third Party Advisory | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml - Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 - Patch, Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 - Patch, Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 - Patch, Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0164.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0180.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0181.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0182.html - Broken Link | |
References | () http://www.securityfocus.com/archive/1/489761 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/489883/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/493080/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/28303 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1019627 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/usn-587-1 - Third Party Advisory | |
References | () http://www.vmware.com/security/advisories/VMSA-2008-0009.html - Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2008/0922/references - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/0924/references - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/1102/references - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/1744 - Broken Link, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/41277 - Third Party Advisory, VDB Entry | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916 - Broken Link | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html - Mailing List | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html - Mailing List | |
CWE | CWE-908 | |
First Time |
Opensuse opensuse
Debian Canonical Suse linux Enterprise Desktop Suse linux Enterprise Server Debian debian Linux Fedoraproject fedora Opensuse Fedoraproject Suse Suse linux Canonical ubuntu Linux Suse linux Enterprise Software Development Kit |
|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 7.5 |
CPE | cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:* |
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:* cpe:2.3:o:suse:linux:10.1:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* |
Information
Published : 2008-03-19 10:44
Updated : 2024-02-09 00:35
NVD link : CVE-2008-0063
Mitre link : CVE-2008-0063
CVE.ORG link : CVE-2008-0063
JSON object : View
Products Affected
suse
- linux_enterprise_server
- linux_enterprise_software_development_kit
- linux
- linux_enterprise_desktop
opensuse
- opensuse
apple
- mac_os_x_server
- mac_os_x
debian
- debian_linux
canonical
- ubuntu_linux
mit
- kerberos_5
fedoraproject
- fedora
CWE
CWE-908
Use of Uninitialized Resource