CVE - CVE-2008-0062

CVE-ID
CVE-2008-0062	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2008-03-18 URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BID:28303 URL:http://www.securityfocus.com/bid/28303 BUGTRAQ:20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc URL:http://www.securityfocus.com/archive/1/489761 BUGTRAQ:20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation URL:http://www.securityfocus.com/archive/1/489883/100/0/threaded BUGTRAQ:20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues URL:http://www.securityfocus.com/archive/1/493080/100/0/threaded CERT-VN:VU#895609 URL:http://www.kb.cert.org/vuls/id/895609 CONFIRM:http://docs.info.apple.com/article.html?artnum=307562 CONFIRM:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html CONFIRM:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html CONFIRM:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0112 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2008-0009.html DEBIAN:DSA-1524 URL:http://www.debian.org/security/2008/dsa-1524 FEDORA:FEDORA-2008-2637 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html FEDORA:FEDORA-2008-2647 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html GENTOO:GLSA-200803-31 URL:http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml HP:HPSBOV02682 URL:http://marc.info/?l=bugtraq&m=130497213107107&w=2 HP:SSRT100495 URL:http://marc.info/?l=bugtraq&m=130497213107107&w=2 MANDRIVA:MDVSA-2008:069 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:069~~ (Obsolete source) MANDRIVA:MDVSA-2008:070 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:070~~ (Obsolete source) MANDRIVA:MDVSA-2008:071 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:071~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:9496 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496 REDHAT:RHSA-2008:0164 URL:http://www.redhat.com/support/errata/RHSA-2008-0164.html REDHAT:RHSA-2008:0180 URL:http://www.redhat.com/support/errata/RHSA-2008-0180.html REDHAT:RHSA-2008:0181 URL:http://www.redhat.com/support/errata/RHSA-2008-0181.html REDHAT:RHSA-2008:0182 URL:http://www.redhat.com/support/errata/RHSA-2008-0182.html SECTRACK:1019626 URL:http://www.securitytracker.com/id?1019626 SECUNIA:29420 URL:http://secunia.com/advisories/29420 SECUNIA:29423 URL:http://secunia.com/advisories/29423 SECUNIA:29424 URL:http://secunia.com/advisories/29424 SECUNIA:29428 URL:http://secunia.com/advisories/29428 SECUNIA:29435 URL:http://secunia.com/advisories/29435 SECUNIA:29438 URL:http://secunia.com/advisories/29438 SECUNIA:29450 URL:http://secunia.com/advisories/29450 SECUNIA:29451 URL:http://secunia.com/advisories/29451 SECUNIA:29457 URL:http://secunia.com/advisories/29457 SECUNIA:29462 URL:http://secunia.com/advisories/29462 SECUNIA:29464 URL:http://secunia.com/advisories/29464 SECUNIA:29516 URL:http://secunia.com/advisories/29516 SECUNIA:29663 URL:http://secunia.com/advisories/29663 SECUNIA:30535 URL:http://secunia.com/advisories/30535 SUSE:SUSE-SA:2008:016 URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html UBUNTU:USN-587-1 URL:http://www.ubuntu.com/usn/usn-587-1 VUPEN:ADV-2008-0922 URL:~~http://www.vupen.com/english/advisories/2008/0922/references~~ (Obsolete source) VUPEN:ADV-2008-0924 URL:~~http://www.vupen.com/english/advisories/2008/0924/references~~ (Obsolete source) VUPEN:ADV-2008-1102 URL:~~http://www.vupen.com/english/advisories/2008/1102/references~~ (Obsolete source) VUPEN:ADV-2008-1744 URL:~~http://www.vupen.com/english/advisories/2008/1744~~ (Obsolete source) XF:krb5-kdc-code-execution(41275) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41275
Assigning CNA
MITRE Corporation
Date Record Created
20080103	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080103)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)