CVE-2008-0063

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-0063
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://docs.info.apple.com/article.html?artnum=307562 Broken Link
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html Mailing List
http://secunia.com/advisories/29420 Broken Link Vendor Advisory
http://secunia.com/advisories/29423 Broken Link Vendor Advisory
http://secunia.com/advisories/29424 Broken Link Vendor Advisory
http://secunia.com/advisories/29428 Broken Link Vendor Advisory
http://secunia.com/advisories/29435 Broken Link Vendor Advisory
http://secunia.com/advisories/29438 Broken Link Vendor Advisory
http://secunia.com/advisories/29450 Broken Link Vendor Advisory
http://secunia.com/advisories/29451 Broken Link Vendor Advisory
http://secunia.com/advisories/29457 Broken Link Vendor Advisory
http://secunia.com/advisories/29462 Broken Link Vendor Advisory
http://secunia.com/advisories/29464 Broken Link Vendor Advisory
http://secunia.com/advisories/29516 Broken Link Vendor Advisory
http://secunia.com/advisories/29663 Broken Link Vendor Advisory
http://secunia.com/advisories/30535 Broken Link Vendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html Broken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html Broken Link
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0112 Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 Broken Link
http://www.debian.org/security/2008/dsa-1524 Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 Patch Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 Patch Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0164.html Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0180.html Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0181.html Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0182.html Broken Link
http://www.securityfocus.com/archive/1/489761 Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/489883/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/493080/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/28303 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1019627 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-587-1 Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0009.html Third Party Advisory
http://www.vupen.com/english/advisories/2008/0922/references Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/0924/references Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/1102/references Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/1744 Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41277 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916 Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html Mailing List
Configurations

Configuration 1 (hide)

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux:10.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
History

09 Feb 2024, 00:35

Type Values Removed Values Added
References () http://docs.info.apple.com/article.html?artnum=307562 - () http://docs.info.apple.com/article.html?artnum=307562 - Broken Link
References () http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html - () http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html - () http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html - Mailing List
References () http://secunia.com/advisories/29420 - Vendor Advisory () http://secunia.com/advisories/29420 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/29423 - Vendor Advisory () http://secunia.com/advisories/29423 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/29424 - Vendor Advisory () http://secunia.com/advisories/29424 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/29428 - Vendor Advisory () http://secunia.com/advisories/29428 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/29435 - Vendor Advisory () http://secunia.com/advisories/29435 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/29438 - Vendor Advisory () http://secunia.com/advisories/29438 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/29450 - Vendor Advisory () http://secunia.com/advisories/29450 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/29451 - Vendor Advisory () http://secunia.com/advisories/29451 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/29457 - Vendor Advisory () http://secunia.com/advisories/29457 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/29462 - Vendor Advisory () http://secunia.com/advisories/29462 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/29464 - Vendor Advisory () http://secunia.com/advisories/29464 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/29516 - Vendor Advisory () http://secunia.com/advisories/29516 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/29663 - Vendor Advisory () http://secunia.com/advisories/29663 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/30535 - Vendor Advisory () http://secunia.com/advisories/30535 - Broken Link, Vendor Advisory
References () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html - () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html - Broken Link
References () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html - () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html - Broken Link
References () http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt - Patch () http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt - Third Party Advisory
References () http://wiki.rpath.com/Advisories:rPSA-2008-0112 - () http://wiki.rpath.com/Advisories:rPSA-2008-0112 - Broken Link
References () http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 - () http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 - Broken Link
References () http://www.debian.org/security/2008/dsa-1524 - () http://www.debian.org/security/2008/dsa-1524 - Third Party Advisory
References () http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml - () http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml - Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 - Patch, Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 - Patch, Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 - Patch, Third Party Advisory
References () http://www.redhat.com/support/errata/RHSA-2008-0164.html - () http://www.redhat.com/support/errata/RHSA-2008-0164.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2008-0180.html - () http://www.redhat.com/support/errata/RHSA-2008-0180.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2008-0181.html - () http://www.redhat.com/support/errata/RHSA-2008-0181.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2008-0182.html - () http://www.redhat.com/support/errata/RHSA-2008-0182.html - Broken Link
References () http://www.securityfocus.com/archive/1/489761 - () http://www.securityfocus.com/archive/1/489761 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/489883/100/0/threaded - () http://www.securityfocus.com/archive/1/489883/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/493080/100/0/threaded - () http://www.securityfocus.com/archive/1/493080/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/28303 - () http://www.securityfocus.com/bid/28303 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1019627 - () http://www.securitytracker.com/id?1019627 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/usn-587-1 - () http://www.ubuntu.com/usn/usn-587-1 - Third Party Advisory
References () http://www.vmware.com/security/advisories/VMSA-2008-0009.html - () http://www.vmware.com/security/advisories/VMSA-2008-0009.html - Third Party Advisory
References () http://www.vupen.com/english/advisories/2008/0922/references - Vendor Advisory () http://www.vupen.com/english/advisories/2008/0922/references - Broken Link, Vendor Advisory
References () http://www.vupen.com/english/advisories/2008/0924/references - Vendor Advisory () http://www.vupen.com/english/advisories/2008/0924/references - Broken Link, Vendor Advisory
References () http://www.vupen.com/english/advisories/2008/1102/references - Vendor Advisory () http://www.vupen.com/english/advisories/2008/1102/references - Broken Link, Vendor Advisory
References () http://www.vupen.com/english/advisories/2008/1744 - Vendor Advisory () http://www.vupen.com/english/advisories/2008/1744 - Broken Link, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/41277 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/41277 - Third Party Advisory, VDB Entry
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916 - Broken Link
References () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html - () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html - Mailing List
References () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html - () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html - Mailing List
CWE CWE-119 CWE-908
First Time Opensuse opensuse
Debian
Canonical
Suse linux Enterprise Desktop
Suse linux Enterprise Server
Debian debian Linux
Fedoraproject fedora
Opensuse
Fedoraproject
Suse
Suse linux
Canonical ubuntu Linux
Suse linux Enterprise Software Development Kit
CVSS v2 : 4.3
v3 : unknown 		v2 : 4.3
v3 : 7.5
CPE cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*		 cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux:10.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Information

Published : 2008-03-19 10:44

Updated : 2024-02-09 00:35

NVD link : CVE-2008-0063

Mitre link : CVE-2008-0063

CVE.ORG link : CVE-2008-0063

JSON object : View

Products Affected

suse

  • linux_enterprise_server
  • linux_enterprise_software_development_kit
  • linux
  • linux_enterprise_desktop

opensuse

  • opensuse

apple

  • mac_os_x_server
  • mac_os_x

debian

  • debian_linux

canonical

  • ubuntu_linux

mit

  • kerberos_5

fedoraproject

  • fedora
CWE
CWE-908

Use of Uninitialized Resource