CVE-2008-0062 - Vulnerability Details

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Fedoraproject	Fedora
Mit	Kerberos 5
Redhat	Enterprise Linux Rhel Eus

Configuration 1 [-]

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:4.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:fedoraproject:fedora:7:::::::*
	cpe:2.3:o:fedoraproject:fedora:8:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
krb5-0:1.2.2-48	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2008:0181	2008-03-18T00:00:00Z
Red Hat Enterprise Linux 3
krb5-0:1.2.7-68	cpe:/o:redhat:enterprise_linux:3	RHSA-2008:0181	2008-03-18T00:00:00Z
Red Hat Enterprise Linux 4
krb5-0:1.3.4-54.el4_6.1	cpe:/o:redhat:enterprise_linux:4	RHSA-2008:0180	2008-03-18T00:00:00Z
Red Hat Enterprise Linux 4.5 Z Stream
krb5-0:1.3.4-49.el4_5.1	cpe:/o:redhat:rhel_eus:4.5	RHSA-2008:0182	2008-03-18T00:00:00Z
Red Hat Enterprise Linux 5
krb5-0:1.6.1-17.el5_1.1	cpe:/o:redhat:enterprise_linux:5	RHSA-2008:0164	2008-03-18T00:00:00Z

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
http://marc.info/?l=bugtraq&m=130497213107107&w=2
http://secunia.com/advisories/29420
http://secunia.com/advisories/29423
http://secunia.com/advisories/29424
http://secunia.com/advisories/29428
http://secunia.com/advisories/29435
http://secunia.com/advisories/29438
http://secunia.com/advisories/29450
http://secunia.com/advisories/29451
http://secunia.com/advisories/29457
http://secunia.com/advisories/29462
http://secunia.com/advisories/29464
http://secunia.com/advisories/29516
http://secunia.com/advisories/29663
http://secunia.com/advisories/30535
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
http://wiki.rpath.com/Advisories:rPSA-2008-0112
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
http://www.debian.org/security/2008/dsa-1524
http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml
http://www.kb.cert.org/vuls/id/895609
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
http://www.mandriva.com/security/advisories?name=MDVSA-2008:071
http://www.redhat.com/support/errata/RHSA-2008-0164.html
http://www.redhat.com/support/errata/RHSA-2008-0180.html
http://www.redhat.com/support/errata/RHSA-2008-0181.html
http://www.redhat.com/support/errata/RHSA-2008-0182.html
http://www.securityfocus.com/archive/1/489761
http://www.securityfocus.com/archive/1/489883/100/0/threaded
http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://www.securityfocus.com/bid/28303
http://www.securitytracker.com/id?1019626
http://www.ubuntu.com/usn/usn-587-1
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://www.vupen.com/english/advisories/2008/0922/references
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1102/references
http://www.vupen.com/english/advisories/2008/1744
https://exchange.xforce.ibmcloud.com/vulnerabilities/41275
https://nvd.nist.gov/vuln/detail/CVE-2008-0062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496
https://www.cve.org/CVERecord?id=CVE-2008-0062
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-19T10:00:00

Updated: 2024-08-07T07:32:23.904Z

Reserved: 2008-01-03T00:00:00

Link: CVE-2008-0062

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-03-19T10:44:00.000

Modified: 2024-11-21T00:41:04.913

Link: CVE-2008-0062

Redhat

Severity : Critical

Publid Date: 2008-03-18T00:00:00Z

Links: CVE-2008-0062 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-18T00:00:00", "descriptions": [{"lang": "en", "value": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-1744", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1744"}, {"name": "29457", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29457"}, {"name": "MDVSA-2008:069", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"}, {"name": "29464", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29464"}, {"name": "GLSA-200803-31", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"}, {"name": "FEDORA-2008-2637", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"}, {"name": "MDVSA-2008:071", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"}, {"name": "SSRT100495", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "29451", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29451"}, {"name": "29663", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29663"}, {"name": "FEDORA-2008-2647", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"}, {"name": "29438", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29438"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"}, {"name": "oval:org.mitre.oval:def:9496", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496"}, {"name": "ADV-2008-0924", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "RHSA-2008:0164", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"}, {"name": "MDVSA-2008:070", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"}, {"name": "ADV-2008-0922", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0922/references"}, {"name": "29450", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29450"}, {"name": "29435", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29435"}, {"name": "krb5-kdc-code-execution(41275)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275"}, {"name": "1019626", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019626"}, {"name": "20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"}, {"name": "29428", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29428"}, {"name": "29420", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29420"}, {"name": "DSA-1524", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1524"}, {"name": "30535", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30535"}, {"name": "APPLE-SA-2008-03-18", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "RHSA-2008:0182", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"}, {"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"}, {"name": "RHSA-2008:0180", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"}, {"name": "SUSE-SA:2008:016", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"}, {"name": "29516", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29516"}, {"name": "29462", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29462"}, {"name": "29424", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29424"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "RHSA-2008:0181", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"}, {"name": "29423", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29423"}, {"name": "USN-587-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-587-1"}, {"name": "ADV-2008-1102", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1102/references"}, {"name": "28303", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28303"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"}, {"name": "20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489761"}, {"name": "HPSBOV02682", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "VU#895609", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/895609"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0062", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-1744", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1744"}, {"name": "29457", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29457"}, {"name": "MDVSA-2008:069", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"}, {"name": "29464", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29464"}, {"name": "GLSA-200803-31", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"}, {"name": "FEDORA-2008-2637", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"}, {"name": "MDVSA-2008:071", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"}, {"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0112", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"}, {"name": "SSRT100495", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "29451", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29451"}, {"name": "29663", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29663"}, {"name": "FEDORA-2008-2647", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"}, {"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"}, {"name": "29438", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29438"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"}, {"name": "oval:org.mitre.oval:def:9496", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496"}, {"name": "ADV-2008-0924", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "RHSA-2008:0164", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"}, {"name": "MDVSA-2008:070", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"}, {"name": "ADV-2008-0922", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0922/references"}, {"name": "29450", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29450"}, {"name": "29435", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29435"}, {"name": "krb5-kdc-code-execution(41275)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275"}, {"name": "1019626", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019626"}, {"name": "20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"}, {"name": "29428", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29428"}, {"name": "29420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29420"}, {"name": "DSA-1524", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1524"}, {"name": "30535", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30535"}, {"name": "APPLE-SA-2008-03-18", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "RHSA-2008:0182", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"}, {"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"}, {"name": "RHSA-2008:0180", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"}, {"name": "SUSE-SA:2008:016", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"}, {"name": "29516", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29516"}, {"name": "29462", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29462"}, {"name": "29424", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29424"}, {"name": "http://docs.info.apple.com/article.html?artnum=307562", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "RHSA-2008:0181", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"}, {"name": "29423", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29423"}, {"name": "USN-587-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-587-1"}, {"name": "ADV-2008-1102", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1102/references"}, {"name": "28303", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28303"}, {"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt", "refsource": "CONFIRM", "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"}, {"name": "20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489761"}, {"name": "HPSBOV02682", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "VU#895609", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/895609"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:32:23.904Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2008-1744", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1744"}, {"name": "29457", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29457"}, {"name": "MDVSA-2008:069", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"}, {"name": "29464", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29464"}, {"name": "GLSA-200803-31", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"}, {"name": "FEDORA-2008-2637", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"}, {"name": "MDVSA-2008:071", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"}, {"name": "SSRT100495", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "29451", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29451"}, {"name": "29663", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29663"}, {"name": "FEDORA-2008-2647", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"}, {"name": "29438", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29438"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"}, {"name": "oval:org.mitre.oval:def:9496", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496"}, {"name": "ADV-2008-0924", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "RHSA-2008:0164", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"}, {"name": "MDVSA-2008:070", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"}, {"name": "ADV-2008-0922", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0922/references"}, {"name": "29450", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29450"}, {"name": "29435", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29435"}, {"name": "krb5-kdc-code-execution(41275)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275"}, {"name": "1019626", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019626"}, {"name": "20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"}, {"name": "29428", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29428"}, {"name": "29420", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29420"}, {"name": "DSA-1524", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1524"}, {"name": "30535", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30535"}, {"name": "APPLE-SA-2008-03-18", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "RHSA-2008:0182", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"}, {"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"}, {"name": "RHSA-2008:0180", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"}, {"name": "SUSE-SA:2008:016", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"}, {"name": "29516", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29516"}, {"name": "29462", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29462"}, {"name": "29424", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29424"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "RHSA-2008:0181", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"}, {"name": "29423", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29423"}, {"name": "USN-587-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-587-1"}, {"name": "ADV-2008-1102", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1102/references"}, {"name": "28303", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28303"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"}, {"name": "20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/489761"}, {"name": "HPSBOV02682", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "VU#895609", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/895609"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0062", "datePublished": "2008-03-19T10:00:00", "dateReserved": "2008-01-03T00:00:00", "dateUpdated": "2024-08-07T07:32:23.904Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "matchCriteriaId": "904FBF9F-9269-4088-BD5A-3C773E6F841E", "versionEndIncluding": "1.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "E3EFD171-01F7-450B-B6F3-0F7E443A2337", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free."}, {"lang": "es", "value": "KDC en MIT Kerberos 5 (krb5kdc) no fija variable global alguna para determinados tipos de mensaje krb4, la cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n mediante mensajes manipulados que disparan una referencia a un puntero nulo o doble liberaci\u00f3n de memoria (double-free)."}], "id": "CVE-2008-0062", "lastModified": "2024-11-21T00:41:04.913", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2008-03-19T10:44:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29420"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29423"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29424"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29428"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29435"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29438"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29450"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29451"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29457"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29462"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29464"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29516"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29663"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/30535"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1524"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/895609"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/489761"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/28303"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1019626"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-587-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/0922/references"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/1102/references"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/1744"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29420"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29423"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29424"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29428"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29435"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29450"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29451"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29457"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29462"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29464"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29516"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29663"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/30535"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1524"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/895609"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/489761"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/28303"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1019626"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-587-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/0922/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/1102/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/1744"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank MIT for reporting this issue.", "affected_release": [{"advisory": "RHSA-2008:0181", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "krb5-0:1.2.2-48", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2008-03-18T00:00:00Z"}, {"advisory": "RHSA-2008:0181", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "krb5-0:1.2.7-68", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2008-03-18T00:00:00Z"}, {"advisory": "RHSA-2008:0180", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "krb5-0:1.3.4-54.el4_6.1", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2008-03-18T00:00:00Z"}, {"advisory": "RHSA-2008:0182", "cpe": "cpe:/o:redhat:rhel_eus:4.5", "package": "krb5-0:1.3.4-49.el4_5.1", "product_name": "Red Hat Enterprise Linux 4.5 Z Stream", "release_date": "2008-03-18T00:00:00Z"}, {"advisory": "RHSA-2008:0164", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "krb5-0:1.6.1-17.el5_1.1", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2008-03-18T00:00:00Z"}], "bugzilla": {"description": "krb5: uninitialized pointer use in krb5kdc", "id": "432620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432620"}, "csaw": false, "details": ["KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free."], "name": "CVE-2008-0062", "public_date": "2008-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-0062\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-0062"], "threat_severity": "Critical"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object