CVE-2008-0063 - Vulnerability Details

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X Mac Os X Server
Canonical	Ubuntu Linux
Debian	Debian Linux
Fedoraproject	Fedora
Mit	Kerberos 5
Opensuse	Opensuse
Redhat	Enterprise Linux Rhel Eus
Suse	Linux Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit

Configuration 1 [-]

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x_server::::::::
	cpe:2.3:o:apple:mac_os_x_server::::::::

Configuration 3 [-]

OR	cpe:2.3:o:opensuse:opensuse:10.2:::::::*
	cpe:2.3:o:opensuse:opensuse:10.3:::::::*
	cpe:2.3:o:suse:linux:10.1:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1::::::

Configuration 4 [-]

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:4.0:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*

Configuration 6 [-]

OR	cpe:2.3:o:fedoraproject:fedora:7:::::::*
	cpe:2.3:o:fedoraproject:fedora:8:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
krb5-0:1.2.2-48	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2008:0181	2008-03-18T00:00:00Z
Red Hat Enterprise Linux 3
krb5-0:1.2.7-68	cpe:/o:redhat:enterprise_linux:3	RHSA-2008:0181	2008-03-18T00:00:00Z
Red Hat Enterprise Linux 4
krb5-0:1.3.4-54.el4_6.1	cpe:/o:redhat:enterprise_linux:4	RHSA-2008:0180	2008-03-18T00:00:00Z
Red Hat Enterprise Linux 4.5 Z Stream
krb5-0:1.3.4-49.el4_5.1	cpe:/o:redhat:rhel_eus:4.5	RHSA-2008:0182	2008-03-18T00:00:00Z
Red Hat Enterprise Linux 5
krb5-0:1.6.1-17.el5_1.1	cpe:/o:redhat:enterprise_linux:5	RHSA-2008:0164	2008-03-18T00:00:00Z

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
http://secunia.com/advisories/29420
http://secunia.com/advisories/29423
http://secunia.com/advisories/29424
http://secunia.com/advisories/29428
http://secunia.com/advisories/29435
http://secunia.com/advisories/29438
http://secunia.com/advisories/29450
http://secunia.com/advisories/29451
http://secunia.com/advisories/29457
http://secunia.com/advisories/29462
http://secunia.com/advisories/29464
http://secunia.com/advisories/29516
http://secunia.com/advisories/29663
http://secunia.com/advisories/30535
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
http://wiki.rpath.com/Advisories:rPSA-2008-0112
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
http://www.debian.org/security/2008/dsa-1524
http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
http://www.mandriva.com/security/advisories?name=MDVSA-2008:071
http://www.redhat.com/support/errata/RHSA-2008-0164.html
http://www.redhat.com/support/errata/RHSA-2008-0180.html
http://www.redhat.com/support/errata/RHSA-2008-0181.html
http://www.redhat.com/support/errata/RHSA-2008-0182.html
http://www.securityfocus.com/archive/1/489761
http://www.securityfocus.com/archive/1/489883/100/0/threaded
http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://www.securityfocus.com/bid/28303
http://www.securitytracker.com/id?1019627
http://www.ubuntu.com/usn/usn-587-1
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://www.vupen.com/english/advisories/2008/0922/references
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1102/references
http://www.vupen.com/english/advisories/2008/1744
https://exchange.xforce.ibmcloud.com/vulnerabilities/41277
https://nvd.nist.gov/vuln/detail/CVE-2008-0063
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916
https://www.cve.org/CVERecord?id=CVE-2008-0063
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-19T10:00:00

Updated: 2024-08-07T07:32:23.883Z

Reserved: 2008-01-03T00:00:00

Link: CVE-2008-0063

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-03-19T10:44:00.000

Modified: 2024-11-21T00:41:05.150

Link: CVE-2008-0063

Redhat

Severity : Moderate

Publid Date: 2008-03-18T00:00:00Z

Links: CVE-2008-0063 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-18T00:00:00", "descriptions": [{"lang": "en", "value": "The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka \"Uninitialized stack values.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-1744", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1744"}, {"name": "29457", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29457"}, {"name": "MDVSA-2008:069", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"}, {"name": "29464", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29464"}, {"name": "GLSA-200803-31", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"}, {"name": "krb5-kdc-kerberos4-info-disclosure(41277)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41277"}, {"name": "FEDORA-2008-2637", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"}, {"name": "MDVSA-2008:071", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"}, {"name": "1019627", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019627"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"}, {"name": "29451", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29451"}, {"name": "29663", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29663"}, {"name": "FEDORA-2008-2647", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"}, {"name": "29438", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29438"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"}, {"name": "ADV-2008-0924", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "RHSA-2008:0164", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"}, {"name": "MDVSA-2008:070", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"}, {"name": "ADV-2008-0922", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0922/references"}, {"name": "29450", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29450"}, {"name": "29435", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29435"}, {"name": "20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"}, {"name": "29428", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29428"}, {"name": "29420", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29420"}, {"name": "DSA-1524", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1524"}, {"name": "30535", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30535"}, {"name": "APPLE-SA-2008-03-18", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "RHSA-2008:0182", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"}, {"name": "oval:org.mitre.oval:def:8916", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"}, {"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"}, {"name": "RHSA-2008:0180", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"}, {"name": "SUSE-SA:2008:016", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"}, {"name": "29516", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29516"}, {"name": "29462", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29462"}, {"name": "29424", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29424"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "RHSA-2008:0181", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"}, {"name": "29423", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29423"}, {"name": "USN-587-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-587-1"}, {"name": "ADV-2008-1102", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1102/references"}, {"name": "28303", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28303"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"}, {"name": "20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489761"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0063", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka \"Uninitialized stack values.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-1744", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1744"}, {"name": "29457", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29457"}, {"name": "MDVSA-2008:069", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"}, {"name": "29464", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29464"}, {"name": "GLSA-200803-31", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"}, {"name": "krb5-kdc-kerberos4-info-disclosure(41277)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41277"}, {"name": "FEDORA-2008-2637", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"}, {"name": "MDVSA-2008:071", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"}, {"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0112", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"}, {"name": "1019627", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019627"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"}, {"name": "29451", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29451"}, {"name": "29663", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29663"}, {"name": "FEDORA-2008-2647", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"}, {"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"}, {"name": "29438", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29438"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"}, {"name": "ADV-2008-0924", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "RHSA-2008:0164", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"}, {"name": "MDVSA-2008:070", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"}, {"name": "ADV-2008-0922", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0922/references"}, {"name": "29450", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29450"}, {"name": "29435", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29435"}, {"name": "20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"}, {"name": "29428", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29428"}, {"name": "29420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29420"}, {"name": "DSA-1524", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1524"}, {"name": "30535", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30535"}, {"name": "APPLE-SA-2008-03-18", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "RHSA-2008:0182", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"}, {"name": "oval:org.mitre.oval:def:8916", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"}, {"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"}, {"name": "RHSA-2008:0180", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"}, {"name": "SUSE-SA:2008:016", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"}, {"name": "29516", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29516"}, {"name": "29462", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29462"}, {"name": "29424", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29424"}, {"name": "http://docs.info.apple.com/article.html?artnum=307562", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "RHSA-2008:0181", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"}, {"name": "29423", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29423"}, {"name": "USN-587-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-587-1"}, {"name": "ADV-2008-1102", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1102/references"}, {"name": "28303", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28303"}, {"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt", "refsource": "CONFIRM", "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"}, {"name": "20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489761"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:32:23.883Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2008-1744", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1744"}, {"name": "29457", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29457"}, {"name": "MDVSA-2008:069", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"}, {"name": "29464", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29464"}, {"name": "GLSA-200803-31", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"}, {"name": "krb5-kdc-kerberos4-info-disclosure(41277)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41277"}, {"name": "FEDORA-2008-2637", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"}, {"name": "MDVSA-2008:071", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"}, {"name": "1019627", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019627"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"}, {"name": "29451", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29451"}, {"name": "29663", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29663"}, {"name": "FEDORA-2008-2647", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"}, {"name": "29438", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29438"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"}, {"name": "ADV-2008-0924", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "RHSA-2008:0164", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"}, {"name": "MDVSA-2008:070", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"}, {"name": "ADV-2008-0922", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0922/references"}, {"name": "29450", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29450"}, {"name": "29435", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29435"}, {"name": "20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"}, {"name": "29428", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29428"}, {"name": "29420", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29420"}, {"name": "DSA-1524", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1524"}, {"name": "30535", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30535"}, {"name": "APPLE-SA-2008-03-18", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "RHSA-2008:0182", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"}, {"name": "oval:org.mitre.oval:def:8916", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"}, {"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"}, {"name": "RHSA-2008:0180", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"}, {"name": "SUSE-SA:2008:016", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"}, {"name": "29516", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29516"}, {"name": "29462", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29462"}, {"name": "29424", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29424"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "RHSA-2008:0181", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"}, {"name": "29423", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29423"}, {"name": "USN-587-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-587-1"}, {"name": "ADV-2008-1102", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1102/references"}, {"name": "28303", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28303"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"}, {"name": "20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/489761"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0063", "datePublished": "2008-03-19T10:00:00", "dateReserved": "2008-01-03T00:00:00", "dateUpdated": "2024-08-07T07:32:23.883Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "matchCriteriaId": "904FBF9F-9269-4088-BD5A-3C773E6F841E", "versionEndIncluding": "1.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1E0F574-6859-45A6-B160-7DDE92C07CC7", "versionEndExcluding": "10.4.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "D139BCA7-8B43-4BDE-9AE9-5F41F4B6BD0D", "versionEndExcluding": "10.5.2", "versionStartIncluding": "10.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2D0444E-6B76-46EE-95EF-617F8967F6B6", "versionEndExcluding": "10.4.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4317913-336B-40CD-AF63-9F11C374419D", "versionEndExcluding": "10.5.2", "versionStartIncluding": "10.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "24818450-FDA1-429A-AC17-68F44F584217", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A9BD0E68-2DC1-47EA-882A-6F5921A0F1BF", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1:*:*:*:*:*:*", "matchCriteriaId": "C8FC5E32-C9E3-49F6-9481-1DB60DEE8A07", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*", "matchCriteriaId": "29184B59-5756-48DB-930C-69D5CD628548", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*", "matchCriteriaId": "33EB57D5-DE8D-417C-8C00-AD331D61181C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "E3EFD171-01F7-450B-B6F3-0F7E443A2337", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka \"Uninitialized stack values.\""}, {"lang": "es", "value": "El soporte Kerberos 4 en KDC en MIT Kerberos 5 (krb5kdc) no borra apropiadamente la parte no utilizada de un b\u00fafer cuando se genera un mensaje de error, lo que podr\u00eda permitir a los atacantes remotos obtener informaci\u00f3n confidencial, tambi\u00e9n se conoce como \"Uninitialized stack values.\""}], "id": "CVE-2008-0063", "lastModified": "2024-11-21T00:41:05.150", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2008-03-19T10:44:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29420"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29423"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29424"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29428"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29435"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29438"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29450"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29451"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29457"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29462"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29464"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29516"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29663"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/30535"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1524"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/489761"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/28303"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1019627"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-587-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0922/references"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1102/references"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1744"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41277"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29420"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29423"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29424"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29428"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29435"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29450"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29451"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29457"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29462"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29464"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29516"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/29663"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/30535"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1524"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/489761"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/28303"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1019627"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-587-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0922/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1102/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1744"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank MIT for reporting this issue.", "affected_release": [{"advisory": "RHSA-2008:0181", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "krb5-0:1.2.2-48", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2008-03-18T00:00:00Z"}, {"advisory": "RHSA-2008:0181", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "krb5-0:1.2.7-68", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2008-03-18T00:00:00Z"}, {"advisory": "RHSA-2008:0180", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "krb5-0:1.3.4-54.el4_6.1", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2008-03-18T00:00:00Z"}, {"advisory": "RHSA-2008:0182", "cpe": "cpe:/o:redhat:rhel_eus:4.5", "package": "krb5-0:1.3.4-49.el4_5.1", "product_name": "Red Hat Enterprise Linux 4.5 Z Stream", "release_date": "2008-03-18T00:00:00Z"}, {"advisory": "RHSA-2008:0164", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "krb5-0:1.6.1-17.el5_1.1", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2008-03-18T00:00:00Z"}], "bugzilla": {"description": "krb5: possible leak of sensitive data from krb5kdc using krb4 request", "id": "432621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432621"}, "csaw": false, "details": ["The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka \"Uninitialized stack values.\""], "name": "CVE-2008-0063", "public_date": "2008-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-0063\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-0063"], "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object