CVE-2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

CVSS v3 7.5 HIGH
CVSS v2.0 4.3 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=307562	Broken Link
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html	Mailing List
http://secunia.com/advisories/29420	Broken Link Vendor Advisory
http://secunia.com/advisories/29423	Broken Link Vendor Advisory
http://secunia.com/advisories/29424	Broken Link Vendor Advisory
http://secunia.com/advisories/29428	Broken Link Vendor Advisory
http://secunia.com/advisories/29435	Broken Link Vendor Advisory
http://secunia.com/advisories/29438	Broken Link Vendor Advisory
http://secunia.com/advisories/29450	Broken Link Vendor Advisory
http://secunia.com/advisories/29451	Broken Link Vendor Advisory
http://secunia.com/advisories/29457	Broken Link Vendor Advisory
http://secunia.com/advisories/29462	Broken Link Vendor Advisory
http://secunia.com/advisories/29464	Broken Link Vendor Advisory
http://secunia.com/advisories/29516	Broken Link Vendor Advisory
http://secunia.com/advisories/29663	Broken Link Vendor Advisory
http://secunia.com/advisories/30535	Broken Link Vendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html	Broken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html	Broken Link
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt	Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0112	Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112	Broken Link
http://www.debian.org/security/2008/dsa-1524	Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069	Patch Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070	Patch Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:071	Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0164.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0180.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0181.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0182.html	Broken Link
http://www.securityfocus.com/archive/1/489761	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/489883/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/493080/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/28303	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1019627	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-587-1	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0009.html	Third Party Advisory
http://www.vupen.com/english/advisories/2008/0922/references	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/0924/references	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/1102/references	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/1744	Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41277	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916	Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html	Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html	Mailing List
http://docs.info.apple.com/article.html?artnum=307562	Broken Link
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html	Mailing List
http://secunia.com/advisories/29420	Broken Link Vendor Advisory
http://secunia.com/advisories/29423	Broken Link Vendor Advisory
http://secunia.com/advisories/29424	Broken Link Vendor Advisory
http://secunia.com/advisories/29428	Broken Link Vendor Advisory
http://secunia.com/advisories/29435	Broken Link Vendor Advisory
http://secunia.com/advisories/29438	Broken Link Vendor Advisory
http://secunia.com/advisories/29450	Broken Link Vendor Advisory
http://secunia.com/advisories/29451	Broken Link Vendor Advisory
http://secunia.com/advisories/29457	Broken Link Vendor Advisory
http://secunia.com/advisories/29462	Broken Link Vendor Advisory
http://secunia.com/advisories/29464	Broken Link Vendor Advisory
http://secunia.com/advisories/29516	Broken Link Vendor Advisory
http://secunia.com/advisories/29663	Broken Link Vendor Advisory
http://secunia.com/advisories/30535	Broken Link Vendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html	Broken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html	Broken Link
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt	Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0112	Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112	Broken Link
http://www.debian.org/security/2008/dsa-1524	Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069	Patch Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070	Patch Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:071	Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0164.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0180.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0181.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0182.html	Broken Link
http://www.securityfocus.com/archive/1/489761	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/489883/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/493080/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/28303	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1019627	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-587-1	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0009.html	Third Party Advisory
http://www.vupen.com/english/advisories/2008/0922/references	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/0924/references	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/1102/references	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/1744	Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41277	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916	Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html	Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html	Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x_server::::::::
	cpe:2.3:o:apple:mac_os_x_server::::::::

Configuration 3 (hide)

OR	cpe:2.3:o:opensuse:opensuse:10.2:::::::*
	cpe:2.3:o:opensuse:opensuse:10.3:::::::*
	cpe:2.3:o:suse:linux:10.1:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1::::::

Configuration 4 (hide)

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:4.0:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*

Configuration 6 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:7:::::::*
	cpe:2.3:o:fedoraproject:fedora:8:::::::*

History

21 Nov 2024, 00:41

09 Feb 2024, 00:35

Information

Published : 2008-03-19 10:44

Updated : 2025-04-09 00:30

NVD link : CVE-2008-0063

Mitre link : CVE-2008-0063

CVE.ORG link : CVE-2008-0063

JSON object : View

Products Affected

debian

debian_linux

fedoraproject

fedora

suse

linux_enterprise_server
linux_enterprise_desktop
linux
linux_enterprise_software_development_kit

apple

mac_os_x_server
mac_os_x

mit

kerberos_5

opensuse

opensuse

canonical

ubuntu_linux

CWE

CWE-908

Use of Uninitialized Resource

{"id": "CVE-2008-0063", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2008-03-19T10:44:00.000", "references": [{"url": "http://docs.info.apple.com/article.html?artnum=307562", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29420", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29423", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29424", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29428", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29435", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29438", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29450", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29451", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29457", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29462", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29464", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29516", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29663", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30535", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2008/dsa-1524", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/489761", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28303", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019627", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-587-1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0922/references", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0924/references", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1102/references", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1744", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41277", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://docs.info.apple.com/article.html?artnum=307562", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29420", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29423", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29424", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29428", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29435", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29438", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29450", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29451", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29457", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29462", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29464", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29516", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29663", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/30535", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2008/dsa-1524", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/489761", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/28303", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1019627", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/usn-587-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/0922/references", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/0924/references", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1102/references", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1744", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41277", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-908"}]}], "descriptions": [{"lang": "en", "value": "The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka \"Uninitialized stack values.\""}, {"lang": "es", "value": "El soporte Kerberos 4 en KDC en MIT Kerberos 5 (krb5kdc) no borra apropiadamente la parte no utilizada de un b\u00fafer cuando se genera un mensaje de error, lo que podr\u00eda permitir a los atacantes remotos obtener informaci\u00f3n confidencial, tambi\u00e9n se conoce como \"Uninitialized stack values.\""}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "904FBF9F-9269-4088-BD5A-3C773E6F841E", "versionEndIncluding": "1.6.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1E0F574-6859-45A6-B160-7DDE92C07CC7", "versionEndExcluding": "10.4.11"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D139BCA7-8B43-4BDE-9AE9-5F41F4B6BD0D", "versionEndExcluding": "10.5.2", "versionStartIncluding": "10.5.0"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2D0444E-6B76-46EE-95EF-617F8967F6B6", "versionEndExcluding": "10.4.11"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4317913-336B-40CD-AF63-9F11C374419D", "versionEndExcluding": "10.5.2", "versionStartIncluding": "10.5.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24818450-FDA1-429A-AC17-68F44F584217"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3"}, {"criteria": "cpe:2.3:o:suse:linux:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9BD0E68-2DC1-47EA-882A-6F5921A0F1BF"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8FC5E32-C9E3-49F6-9481-1DB60DEE8A07"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29184B59-5756-48DB-930C-69D5CD628548"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33EB57D5-DE8D-417C-8C00-AD331D61181C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3EFD171-01F7-450B-B6F3-0F7E443A2337"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2008-0063

7.5^/10

4.3^/10

Attach tags to `CVE-2008-0063`