The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
21 Nov 2024, 00:41
Type | Values Removed | Values Added |
---|---|---|
References | () http://docs.info.apple.com/article.html?artnum=307562 - Broken Link | |
References | () http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html - Mailing List | |
References | () http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html - Mailing List | |
References | () http://secunia.com/advisories/29420 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29423 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29424 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29428 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29435 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29438 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29450 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29451 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29457 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29462 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29464 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29516 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29663 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/30535 - Broken Link, Vendor Advisory | |
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html - Broken Link | |
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html - Broken Link | |
References | () http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt - Third Party Advisory | |
References | () http://wiki.rpath.com/Advisories:rPSA-2008-0112 - Broken Link | |
References | () http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 - Broken Link | |
References | () http://www.debian.org/security/2008/dsa-1524 - Third Party Advisory | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml - Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 - Patch, Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 - Patch, Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 - Patch, Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0164.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0180.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0181.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0182.html - Broken Link | |
References | () http://www.securityfocus.com/archive/1/489761 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/489883/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/493080/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/28303 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1019627 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/usn-587-1 - Third Party Advisory | |
References | () http://www.vmware.com/security/advisories/VMSA-2008-0009.html - Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2008/0922/references - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/0924/references - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/1102/references - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/1744 - Broken Link, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/41277 - Third Party Advisory, VDB Entry | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916 - Broken Link | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html - Mailing List | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html - Mailing List |
09 Feb 2024, 00:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-908 | |
CPE | cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:* |
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:* cpe:2.3:o:suse:linux:10.1:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 7.5 |
First Time |
Suse linux Enterprise Server
Canonical Debian Opensuse opensuse Suse linux Enterprise Software Development Kit Suse linux Opensuse Canonical ubuntu Linux Suse linux Enterprise Desktop Fedoraproject Suse Debian debian Linux Fedoraproject fedora |
|
References | () http://docs.info.apple.com/article.html?artnum=307562 - Broken Link | |
References | () http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html - Mailing List | |
References | () http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html - Mailing List | |
References | () http://secunia.com/advisories/29420 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29423 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29424 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29428 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29435 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29438 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29450 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29451 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29457 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29462 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29464 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29516 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/29663 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/30535 - Broken Link, Vendor Advisory | |
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html - Broken Link | |
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html - Broken Link | |
References | () http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt - Third Party Advisory | |
References | () http://wiki.rpath.com/Advisories:rPSA-2008-0112 - Broken Link | |
References | () http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 - Broken Link | |
References | () http://www.debian.org/security/2008/dsa-1524 - Third Party Advisory | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml - Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 - Patch, Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 - Patch, Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 - Patch, Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0164.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0180.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0181.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0182.html - Broken Link | |
References | () http://www.securityfocus.com/archive/1/489761 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/489883/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/493080/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/28303 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1019627 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/usn-587-1 - Third Party Advisory | |
References | () http://www.vmware.com/security/advisories/VMSA-2008-0009.html - Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2008/0922/references - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/0924/references - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/1102/references - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/1744 - Broken Link, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/41277 - Third Party Advisory, VDB Entry | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916 - Broken Link | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html - Mailing List | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html - Mailing List |
Information
Published : 2008-03-19 10:44
Updated : 2025-04-09 00:30
NVD link : CVE-2008-0063
Mitre link : CVE-2008-0063
CVE.ORG link : CVE-2008-0063
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- fedora
suse
- linux_enterprise_server
- linux_enterprise_desktop
- linux
- linux_enterprise_software_development_kit
apple
- mac_os_x_server
- mac_os_x
mit
- kerberos_5
opensuse
- opensuse
canonical
- ubuntu_linux
CWE
CWE-908
Use of Uninitialized Resource