CVE-2008-0063 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2008-0063

CVE-2008-0063

March 19, 2008

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

Related Resources (47)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:070

http://secunia.com/advisories/29438

http://www.securityfocus.com/archive/1/489883/100/0/threaded

http://www.vupen.com/english/advisories/2008/1102/references

http://www.redhat.com/support/errata/RHSA-2008-0164.html

http://www.securityfocus.com/bid/28303

http://secunia.com/advisories/29663

http://www.redhat.com/support/errata/RHSA-2008-0181.html

http://secunia.com/advisories/29428

http://www.vupen.com/english/advisories/2008/0922/references

http://www.redhat.com/support/errata/RHSA-2008-0180.html

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:071

http://secunia.com/advisories/29420

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html

http://www.vupen.com/english/advisories/2008/0924/references

http://www.vupen.com/english/advisories/2008/1744

http://www.securityfocus.com/archive/1/489761

http://www.debian.org/security/2008/dsa-1524

http://www.securitytracker.com/id?1019627

http://secunia.com/advisories/29457

http://secunia.com/advisories/29516

http://secunia.com/advisories/29424

http://secunia.com/advisories/30535

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt

http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml

http://www.ubuntu.com/usn/usn-587-1

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://wiki.rpath.com/Advisories:rPSA-2008-0112

http://secunia.com/advisories/29435

http://www.securityfocus.com/archive/1/493080/100/0/threaded

http://secunia.com/advisories/29423

https://exchange.xforce.ibmcloud.com/vulnerabilities/41277

http://www.vmware.com/security/advisories/VMSA-2008-0009.html

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html

http://secunia.com/advisories/29451

http://secunia.com/advisories/29464

http://secunia.com/advisories/29462

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html

http://www.redhat.com/support/errata/RHSA-2008-0182.html

http://docs.info.apple.com/article.html?artnum=307562

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:069

http://secunia.com/advisories/29450

https://access.redhat.com/security/cve/CVE-2008-0063

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916

Do you need more information?

CVSS v4

Base Score:

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

CVSS v2

Base Score:

4.3

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

Weakness Type (CWE)

Use of Uninitialized Resource

CWE-908

EPSS

Base Score:

4.90

Products

Solutions

Resources

Company

Compare

Developer Tools