CVE - CVE-2008-0062

CVE-ID
CVE-2008-0062	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc URL:http://www.securityfocus.com/archive/1/489761 BUGTRAQ:20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation URL:http://www.securityfocus.com/archive/1/archive/1/489883/100/0/threaded BUGTRAQ:20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues URL:http://www.securityfocus.com/archive/1/archive/1/493080/100/0/threaded CONFIRM:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt CONFIRM:http://docs.info.apple.com/article.html?artnum=307562 CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0112 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 CONFIRM:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html CONFIRM:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2008-0009.html APPLE:APPLE-SA-2008-03-18 URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html DEBIAN:DSA-1524 URL:http://www.debian.org/security/2008/dsa-1524 FEDORA:FEDORA-2008-2637 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html FEDORA:FEDORA-2008-2647 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html GENTOO:GLSA-200803-31 URL:http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml HP:HPSBOV02682 URL:http://marc.info/?l=bugtraq&m=130497213107107&w=2 HP:SSRT100495 URL:http://marc.info/?l=bugtraq&m=130497213107107&w=2 MANDRIVA:MDVSA-2008:070 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 MANDRIVA:MDVSA-2008:071 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 MANDRIVA:MDVSA-2008:069 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 REDHAT:RHSA-2008:0164 URL:http://www.redhat.com/support/errata/RHSA-2008-0164.html REDHAT:RHSA-2008:0180 URL:http://www.redhat.com/support/errata/RHSA-2008-0180.html REDHAT:RHSA-2008:0181 URL:http://www.redhat.com/support/errata/RHSA-2008-0181.html REDHAT:RHSA-2008:0182 URL:http://www.redhat.com/support/errata/RHSA-2008-0182.html SUSE:SUSE-SA:2008:016 URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html UBUNTU:USN-587-1 URL:http://www.ubuntu.com/usn/usn-587-1 CERT-VN:VU#895609 URL:http://www.kb.cert.org/vuls/id/895609 BID:28303 URL:http://www.securityfocus.com/bid/28303 OVAL:oval:org.mitre.oval:def:9496 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496 VUPEN:ADV-2008-0922 URL:http://www.vupen.com/english/advisories/2008/0922/references VUPEN:ADV-2008-0924 URL:http://www.vupen.com/english/advisories/2008/0924/references VUPEN:ADV-2008-1102 URL:http://www.vupen.com/english/advisories/2008/1102/references VUPEN:ADV-2008-1744 URL:http://www.vupen.com/english/advisories/2008/1744 SECTRACK:1019626 URL:http://www.securitytracker.com/id?1019626 SECUNIA:29428 URL:http://secunia.com/advisories/29428 SECUNIA:29438 URL:http://secunia.com/advisories/29438 SECUNIA:29420 URL:http://secunia.com/advisories/29420 SECUNIA:29435 URL:http://secunia.com/advisories/29435 SECUNIA:29450 URL:http://secunia.com/advisories/29450 SECUNIA:29451 URL:http://secunia.com/advisories/29451 SECUNIA:29457 URL:http://secunia.com/advisories/29457 SECUNIA:29464 URL:http://secunia.com/advisories/29464 SECUNIA:29423 URL:http://secunia.com/advisories/29423 SECUNIA:29462 URL:http://secunia.com/advisories/29462 SECUNIA:29516 URL:http://secunia.com/advisories/29516 SECUNIA:29663 URL:http://secunia.com/advisories/29663 SECUNIA:29424 URL:http://secunia.com/advisories/29424 SECUNIA:30535 URL:http://secunia.com/advisories/30535 XF:krb5-kdc-code-execution(41275) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41275
Assigning CNA
N/A
Date Entry Created
20080103	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080103)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures List and the associated references from this Web site are subject to the Terms of Use. For more information, please email cve@mitre.org.

CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks and CVE-Compatible is a trademark of The MITRE Corporation.

Site Map
Privacy policy
Terms of use
Contact us