CVE-2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
References
Link Resource
http://docs.info.apple.com/article.html?artnum=307562 Broken Link
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html Mailing List
http://secunia.com/advisories/29420 Broken Link Vendor Advisory
http://secunia.com/advisories/29423 Broken Link Vendor Advisory
http://secunia.com/advisories/29424 Broken Link Vendor Advisory
http://secunia.com/advisories/29428 Broken Link Vendor Advisory
http://secunia.com/advisories/29435 Broken Link Vendor Advisory
http://secunia.com/advisories/29438 Broken Link Vendor Advisory
http://secunia.com/advisories/29450 Broken Link Vendor Advisory
http://secunia.com/advisories/29451 Broken Link Vendor Advisory
http://secunia.com/advisories/29457 Broken Link Vendor Advisory
http://secunia.com/advisories/29462 Broken Link Vendor Advisory
http://secunia.com/advisories/29464 Broken Link Vendor Advisory
http://secunia.com/advisories/29516 Broken Link Vendor Advisory
http://secunia.com/advisories/29663 Broken Link Vendor Advisory
http://secunia.com/advisories/30535 Broken Link Vendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html Broken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html Broken Link
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0112 Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 Broken Link
http://www.debian.org/security/2008/dsa-1524 Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 Patch Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 Patch Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0164.html Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0180.html Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0181.html Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0182.html Broken Link
http://www.securityfocus.com/archive/1/489761 Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/489883/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/493080/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/28303 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1019627 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-587-1 Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0009.html Third Party Advisory
http://www.vupen.com/english/advisories/2008/0922/references Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/0924/references Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/1102/references Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/1744 Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41277 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916 Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html Mailing List
Configurations

Configuration 1

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux:10.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*

Configuration 4

OR cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 5

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*

Configuration 6

OR cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*

History

09 Feb 2024, 00:35

Type Values Removed Values Added
CWE CWE-119 CWE-908
References (SECUNIA) http://secunia.com/advisories/29462 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29462 - Broken Link, Vendor Advisory
References (CONFIRM) http://docs.info.apple.com/article.html?artnum=307562 - (CONFIRM) http://docs.info.apple.com/article.html?artnum=307562 - Broken Link
References (CONFIRM) http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt - Patch (CONFIRM) http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/29423 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29423 - Broken Link, Vendor Advisory
References (CONFIRM) http://wiki.rpath.com/Advisories:rPSA-2008-0112 - (CONFIRM) http://wiki.rpath.com/Advisories:rPSA-2008-0112 - Broken Link
References (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html - (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html - Mailing List
References (BID) http://www.securityfocus.com/bid/28303 - (BID) http://www.securityfocus.com/bid/28303 - Broken Link, Third Party Advisory, VDB Entry
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 - Patch, Third Party Advisory
References (VUPEN) http://www.vupen.com/english/advisories/2008/0922/references - Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2008/0922/references - Broken Link, Vendor Advisory
References (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml - (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml - Third Party Advisory
References (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html - (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html - Mailing List
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0181.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0181.html - Broken Link
References (DEBIAN) http://www.debian.org/security/2008/dsa-1524 - (DEBIAN) http://www.debian.org/security/2008/dsa-1524 - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/29516 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29516 - Broken Link, Vendor Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/41277 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/41277 - Third Party Advisory, VDB Entry
References (SECTRACK) http://www.securitytracker.com/id?1019627 - (SECTRACK) http://www.securitytracker.com/id?1019627 - Broken Link, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/29450 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29450 - Broken Link, Vendor Advisory
References (SECUNIA) http://secunia.com/advisories/29435 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29435 - Broken Link, Vendor Advisory
References (CONFIRM) http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 - (CONFIRM) http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 - Broken Link
References (SECUNIA) http://secunia.com/advisories/29663 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29663 - Broken Link, Vendor Advisory
References (SECUNIA) http://secunia.com/advisories/29451 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29451 - Broken Link, Vendor Advisory
References (APPLE) http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html - (APPLE) http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html - Mailing List
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0182.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0182.html - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2008/1744 - Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2008/1744 - Broken Link, Vendor Advisory
References (BUGTRAQ) http://www.securityfocus.com/archive/1/489883/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/489883/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (BUGTRAQ) http://www.securityfocus.com/archive/1/493080/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/493080/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (UBUNTU) http://www.ubuntu.com/usn/usn-587-1 - (UBUNTU) http://www.ubuntu.com/usn/usn-587-1 - Third Party Advisory
References (CONFIRM) http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html - (CONFIRM) http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2008/1102/references - Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2008/1102/references - Broken Link, Vendor Advisory
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0164.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0164.html - Broken Link
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 - Patch, Third Party Advisory
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 - Patch, Third Party Advisory
References (CONFIRM) http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html - (CONFIRM) http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html - Broken Link
References (SECUNIA) http://secunia.com/advisories/30535 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/30535 - Broken Link, Vendor Advisory
References (SECUNIA) http://secunia.com/advisories/29464 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29464 - Broken Link, Vendor Advisory
References (SECUNIA) http://secunia.com/advisories/29420 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29420 - Broken Link, Vendor Advisory
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916 - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2008/0924/references - Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2008/0924/references - Broken Link, Vendor Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html - Mailing List
References (CONFIRM) http://www.vmware.com/security/advisories/VMSA-2008-0009.html - (CONFIRM) http://www.vmware.com/security/advisories/VMSA-2008-0009.html - Third Party Advisory
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0180.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0180.html - Broken Link
References (SECUNIA) http://secunia.com/advisories/29457 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29457 - Broken Link, Vendor Advisory
References (SECUNIA) http://secunia.com/advisories/29438 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29438 - Broken Link, Vendor Advisory
References (SECUNIA) http://secunia.com/advisories/29428 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29428 - Broken Link, Vendor Advisory
References (BUGTRAQ) http://www.securityfocus.com/archive/1/489761 - (BUGTRAQ) http://www.securityfocus.com/archive/1/489761 - Broken Link, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/29424 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29424 - Broken Link, Vendor Advisory
CVSS Removed: v2 : 4.3, v3 : unknown; Added: v2 : 4.3, v3 : 7.5
First Time Suse linux
Canonical
Canonical ubuntu Linux
Debian debian Linux
Suse linux Enterprise Desktop
Suse
Debian
Fedoraproject fedora
Opensuse opensuse
Fedoraproject
Suse linux Enterprise Server
Opensuse
Suse linux Enterprise Software Development Kit
CPE cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux:10.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

Information

Published : 2008-03-19 10:44

Updated : 2024-02-28 11:21


NVD link : CVE-2008-0063

Mitre link : CVE-2008-0063

CVE.ORG link : CVE-2008-0063



Products Affected

opensuse

  • opensuse

suse

  • linux_enterprise_server
  • linux
  • linux_enterprise_desktop
  • linux_enterprise_software_development_kit

debian

  • debian_linux

apple

  • mac_os_x
  • mac_os_x_server

mit

  • kerberos_5

canonical

  • ubuntu_linux

fedoraproject

  • fedora
CWE
CWE-908

Use of Uninitialized Resource