The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
09 Feb 2024, 00:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-908 | |
References | (SECUNIA) http://secunia.com/advisories/29462 - Broken Link, Vendor Advisory | |
References | (CONFIRM) http://docs.info.apple.com/article.html?artnum=307562 - Broken Link | |
References | (CONFIRM) http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/29423 - Broken Link, Vendor Advisory | |
References | (CONFIRM) http://wiki.rpath.com/Advisories:rPSA-2008-0112 - Broken Link | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html - Mailing List | |
References | (BID) http://www.securityfocus.com/bid/28303 - Broken Link, Third Party Advisory, VDB Entry | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 - Patch, Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/0922/references - Broken Link, Vendor Advisory | |
References | (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml - Third Party Advisory | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html - Mailing List | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0181.html - Broken Link | |
References | (DEBIAN) http://www.debian.org/security/2008/dsa-1524 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/29516 - Broken Link, Vendor Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/41277 - Third Party Advisory, VDB Entry | |
References | (SECTRACK) http://www.securitytracker.com/id?1019627 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/29450 - Broken Link, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/29435 - Broken Link, Vendor Advisory | |
References | (CONFIRM) http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/29663 - Broken Link, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/29451 - Broken Link, Vendor Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html - Mailing List | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0182.html - Broken Link | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/1744 - Broken Link, Vendor Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/489883/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/493080/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (UBUNTU) http://www.ubuntu.com/usn/usn-587-1 - Third Party Advisory | |
References | (CONFIRM) http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html - Broken Link | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/1102/references - Broken Link, Vendor Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0164.html - Broken Link | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 - Patch, Third Party Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 - Patch, Third Party Advisory | |
References | (CONFIRM) http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/30535 - Broken Link, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/29464 - Broken Link, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/29420 - Broken Link, Vendor Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916 - Broken Link | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/0924/references - Broken Link, Vendor Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html - Mailing List | |
References | (CONFIRM) http://www.vmware.com/security/advisories/VMSA-2008-0009.html - Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0180.html - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/29457 - Broken Link, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/29438 - Broken Link, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/29428 - Broken Link, Vendor Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/489761 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/29424 - Broken Link, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 7.5 |
First Time |
Suse linux
Canonical Canonical ubuntu Linux Debian debian Linux Suse linux Enterprise Desktop Suse Debian Fedoraproject fedora Opensuse opensuse Fedoraproject Suse linux Enterprise Server Opensuse Suse linux Enterprise Software Development Kit |
|
CPE | cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:* |
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* cpe:2.3:o:suse:linux:10.1:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* |
Information
Published : 2008-03-19 10:44
Updated : 2024-02-28 11:21
NVD link : CVE-2008-0063
Mitre link : CVE-2008-0063
CVE.ORG link : CVE-2008-0063
JSON object : View
Products Affected
opensuse
- opensuse
suse
- linux_enterprise_server
- linux
- linux_enterprise_desktop
- linux_enterprise_software_development_kit
debian
- debian_linux
apple
- mac_os_x
- mac_os_x_server
mit
- kerberos_5
canonical
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-908
Use of Uninitialized Resource