CVE-2008-0063 - OpenCVE

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Suse	Linux Enterprise Software Development Kit Linux Linux Enterprise Desktop Linux Enterprise Server
Apple	Mac Os X Server Mac Os X
Canonical	Ubuntu Linux
Fedoraproject	Fedora
Debian	Debian Linux
Opensuse	Opensuse
Mit	Kerberos 5

Configuration 1 [-]

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x_server::::::::
	cpe:2.3:o:apple:mac_os_x_server::::::::

Configuration 3 [-]

OR	cpe:2.3:o:opensuse:opensuse:10.2:::::::*
	cpe:2.3:o:opensuse:opensuse:10.3:::::::*
	cpe:2.3:o:suse:linux:10.1:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1::::::

Configuration 4 [-]

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:4.0:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*

Configuration 6 [-]

OR	cpe:2.3:o:fedoraproject:fedora:7:::::::*
	cpe:2.3:o:fedoraproject:fedora:8:::::::*

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=307562	Broken Link
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html	Mailing List
http://secunia.com/advisories/29420	Broken Link Vendor Advisory
http://secunia.com/advisories/29423	Broken Link Vendor Advisory
http://secunia.com/advisories/29424	Broken Link Vendor Advisory
http://secunia.com/advisories/29428	Broken Link Vendor Advisory
http://secunia.com/advisories/29435	Broken Link Vendor Advisory
http://secunia.com/advisories/29438	Broken Link Vendor Advisory
http://secunia.com/advisories/29450	Broken Link Vendor Advisory
http://secunia.com/advisories/29451	Broken Link Vendor Advisory
http://secunia.com/advisories/29457	Broken Link Vendor Advisory
http://secunia.com/advisories/29462	Broken Link Vendor Advisory
http://secunia.com/advisories/29464	Broken Link Vendor Advisory
http://secunia.com/advisories/29516	Broken Link Vendor Advisory
http://secunia.com/advisories/29663	Broken Link Vendor Advisory
http://secunia.com/advisories/30535	Broken Link Vendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html	Broken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html	Broken Link
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt	Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0112	Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112	Broken Link
http://www.debian.org/security/2008/dsa-1524	Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069	Patch Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070	Patch Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:071	Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0164.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0180.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0181.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0182.html	Broken Link
http://www.securityfocus.com/archive/1/489761	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/489883/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/493080/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/28303	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1019627	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-587-1	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0009.html	Third Party Advisory
http://www.vupen.com/english/advisories/2008/0922/references	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/0924/references	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/1102/references	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2008/1744	Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41277	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916	Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html	Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html	Mailing List