9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.602 Medium
EPSS
Percentile
97.8%
CentOS Errata and Security Advisory CESA-2008:0181
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.
A flaw was found in the way the MIT Kerberos Authentication Service and Key
Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.
An unauthenticated remote attacker could use this flaw to crash the
krb5kdc daemon, disclose portions of its memory, or possibly execute
arbitrary code using malformed or truncated Kerberos v4 protocol
requests. (CVE-2008-0062, CVE-2008-0063)
This issue only affected krb5kdc with Kerberos v4 protocol compatibility
enabled, which is the default setting on Red Hat Enterprise Linux 4.
Kerberos v4 protocol support can be disabled by adding βv4_mode=noneβ
(without the quotes) to the β[kdcdefaults]β section of
/var/kerberos/krb5kdc/kdc.conf.
A flaw was found in the RPC library used by the MIT Kerberos kadmind
server. An unauthenticated remote attacker could use this flaw to crash
kadmind. This issue only affected systems with certain resource limits
configured and did not affect systems using default resource limits used by
Red Hat Enterprise Linux 2.1 or 3. (CVE-2008-0948)
Red Hat would like to thank MIT for reporting these issues.
All krb5 users are advised to update to these erratum packages which
contain backported fixes to correct these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-March/076916.html
https://lists.centos.org/pipermail/centos-announce/2008-March/076917.html
https://lists.centos.org/pipermail/centos-announce/2008-March/076935.html
https://lists.centos.org/pipermail/centos-announce/2008-March/076937.html
Affected packages:
krb5-devel
krb5-libs
krb5-server
krb5-workstation
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0181
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | krb5-devel | <Β 1.2.7-68 | krb5-devel-1.2.7-68.i386.rpm |
CentOS | 3 | i386 | krb5-libs | <Β 1.2.7-68 | krb5-libs-1.2.7-68.i386.rpm |
CentOS | 3 | i386 | krb5-server | <Β 1.2.7-68 | krb5-server-1.2.7-68.i386.rpm |
CentOS | 3 | i386 | krb5-workstation | <Β 1.2.7-68 | krb5-workstation-1.2.7-68.i386.rpm |
CentOS | 3 | x86_64 | krb5-devel | <Β 1.2.7-68 | krb5-devel-1.2.7-68.x86_64.rpm |
CentOS | 3 | i386 | krb5-libs | <Β 1.2.7-68 | krb5-libs-1.2.7-68.i386.rpm |
CentOS | 3 | x86_64 | krb5-libs | <Β 1.2.7-68 | krb5-libs-1.2.7-68.x86_64.rpm |
CentOS | 3 | x86_64 | krb5-server | <Β 1.2.7-68 | krb5-server-1.2.7-68.x86_64.rpm |
CentOS | 3 | x86_64 | krb5-workstation | <Β 1.2.7-68 | krb5-workstation-1.2.7-68.x86_64.rpm |
CentOS | 3 | ia64 | krb5-devel | <Β 1.2.7-68.c3 | krb5-devel-1.2.7-68.c3.ia64.rpm |
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.602 Medium
EPSS
Percentile
97.8%