CVE - CVE-2008-0063

CVE-ID
CVE-2008-0063	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2008-03-18 URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BID:28303 URL:http://www.securityfocus.com/bid/28303 BUGTRAQ:20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc URL:http://www.securityfocus.com/archive/1/489761 BUGTRAQ:20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation URL:http://www.securityfocus.com/archive/1/489883/100/0/threaded BUGTRAQ:20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues URL:http://www.securityfocus.com/archive/1/493080/100/0/threaded CONFIRM:http://docs.info.apple.com/article.html?artnum=307562 CONFIRM:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html CONFIRM:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html CONFIRM:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0112 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2008-0009.html DEBIAN:DSA-1524 URL:http://www.debian.org/security/2008/dsa-1524 FEDORA:FEDORA-2008-2637 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html FEDORA:FEDORA-2008-2647 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html GENTOO:GLSA-200803-31 URL:http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml MANDRIVA:MDVSA-2008:069 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:069~~ (Obsolete source) MANDRIVA:MDVSA-2008:070 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:070~~ (Obsolete source) MANDRIVA:MDVSA-2008:071 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:071~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:8916 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916 REDHAT:RHSA-2008:0164 URL:http://www.redhat.com/support/errata/RHSA-2008-0164.html REDHAT:RHSA-2008:0180 URL:http://www.redhat.com/support/errata/RHSA-2008-0180.html REDHAT:RHSA-2008:0181 URL:http://www.redhat.com/support/errata/RHSA-2008-0181.html REDHAT:RHSA-2008:0182 URL:http://www.redhat.com/support/errata/RHSA-2008-0182.html SECTRACK:1019627 URL:http://www.securitytracker.com/id?1019627 SECUNIA:29420 URL:http://secunia.com/advisories/29420 SECUNIA:29423 URL:http://secunia.com/advisories/29423 SECUNIA:29424 URL:http://secunia.com/advisories/29424 SECUNIA:29428 URL:http://secunia.com/advisories/29428 SECUNIA:29435 URL:http://secunia.com/advisories/29435 SECUNIA:29438 URL:http://secunia.com/advisories/29438 SECUNIA:29450 URL:http://secunia.com/advisories/29450 SECUNIA:29451 URL:http://secunia.com/advisories/29451 SECUNIA:29457 URL:http://secunia.com/advisories/29457 SECUNIA:29462 URL:http://secunia.com/advisories/29462 SECUNIA:29464 URL:http://secunia.com/advisories/29464 SECUNIA:29516 URL:http://secunia.com/advisories/29516 SECUNIA:29663 URL:http://secunia.com/advisories/29663 SECUNIA:30535 URL:http://secunia.com/advisories/30535 SUSE:SUSE-SA:2008:016 URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html UBUNTU:USN-587-1 URL:http://www.ubuntu.com/usn/usn-587-1 VUPEN:ADV-2008-0922 URL:~~http://www.vupen.com/english/advisories/2008/0922/references~~ (Obsolete source) VUPEN:ADV-2008-0924 URL:~~http://www.vupen.com/english/advisories/2008/0924/references~~ (Obsolete source) VUPEN:ADV-2008-1102 URL:~~http://www.vupen.com/english/advisories/2008/1102/references~~ (Obsolete source) VUPEN:ADV-2008-1744 URL:~~http://www.vupen.com/english/advisories/2008/1744~~ (Obsolete source) XF:krb5-kdc-kerberos4-info-disclosure(41277) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41277
Assigning CNA
MITRE Corporation
Date Record Created
20080103	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080103)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)