Lucene search

MitreCVE-2008-0063

HistoryMar 19, 2008 - 10:44 a.m.

CVE-2008-0063

2008-03-1910:44:00

CWE-908

mitre

web.nvd.nist.gov

cve-2008-0063

kerberos 4

kdc

mit kerberos 5

krb5kdc

buffer overflow

remote attack

information disclosure

uninitialized stack values

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

8.6

Confidence

High

EPSS

0.043

Percentile

92.5%

JSON

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka “Uninitialized stack values.”

Affected configurations

Nvd

Node

mitkerberos_5Range≤1.6.3

Node

applemac_os_xRange<10.4.11

applemac_os_xRange10.5.0–10.5.2

applemac_os_x_serverRange<10.4.11

applemac_os_x_serverRange10.5.0–10.5.2

Node

opensuseopensuseMatch10.2

opensuseopensuseMatch10.3

suselinuxMatch10.1

suselinux_enterprise_desktopMatch10sp1

suselinux_enterprise_serverMatch10sp1

suselinux_enterprise_software_development_kitMatch10sp1

Node

debiandebian_linuxMatch3.1

debiandebian_linuxMatch4.0

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch6.10

canonicalubuntu_linuxMatch7.04

canonicalubuntu_linuxMatch7.10

Node

fedoraprojectfedoraMatch7

fedoraprojectfedoraMatch8

VendorProductVersionCPE
mitkerberos_5*cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
applemac_os_x_server*cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
opensuseopensuse10.2cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
opensuseopensuse10.3cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
suselinux10.1cpe:2.3:o:suse:linux:10.1:*:*:*:*:*:*:*
suselinux_enterprise_desktop10cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1:*:*:*:*:*:*
suselinux_enterprise_server10cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*
suselinux_enterprise_software_development_kit10cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*
debiandebian_linux3.1cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mit	kerberos_5	*	cpe:2.3:a:mit:kerberos_5::::::::
apple	mac_os_x	*	cpe:2.3:o:apple:mac_os_x::::::::
apple	mac_os_x_server	*	cpe:2.3:o:apple:mac_os_x_server::::::::
opensuse	opensuse	10.2	cpe:2.3:o:opensuse:opensuse:10.2:::::::*
opensuse	opensuse	10.3	cpe:2.3:o:opensuse:opensuse:10.3:::::::*
suse	linux	10.1	cpe:2.3:o:suse:linux:10.1:::::::*
suse	linux_enterprise_desktop	10	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1::::::
suse	linux_enterprise_server	10	cpe:2.3:o:suse:linux_enterprise_server:10:sp1::::::
suse	linux_enterprise_software_development_kit	10	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1::::::
debian	debian_linux	3.1	cpe:2.3:o:debian:debian_linux:3.1:::::::*

Rows per page:

1-10 of 171

References

docs.info.apple.com/article.html?artnum=307562

lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html

secunia.com/advisories/29420

secunia.com/advisories/29423

secunia.com/advisories/29424

secunia.com/advisories/29428

secunia.com/advisories/29435

secunia.com/advisories/29438

secunia.com/advisories/29450

secunia.com/advisories/29451

secunia.com/advisories/29457

secunia.com/advisories/29462

secunia.com/advisories/29464

secunia.com/advisories/29516

secunia.com/advisories/29663

secunia.com/advisories/30535

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html

web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt

wiki.rpath.com/Advisories:rPSA-2008-0112

wiki.rpath.com/wiki/Advisories:rPSA-2008-0112

www.debian.org/security/2008/dsa-1524

www.gentoo.org/security/en/glsa/glsa-200803-31.xml

www.mandriva.com/security/advisories?name=MDVSA-2008:069

www.mandriva.com/security/advisories?name=MDVSA-2008:070

www.mandriva.com/security/advisories?name=MDVSA-2008:071

www.redhat.com/support/errata/RHSA-2008-0164.html

www.redhat.com/support/errata/RHSA-2008-0180.html

www.redhat.com/support/errata/RHSA-2008-0181.html

www.redhat.com/support/errata/RHSA-2008-0182.html

www.securityfocus.com/archive/1/489761

www.securityfocus.com/archive/1/489883/100/0/threaded

www.securityfocus.com/archive/1/493080/100/0/threaded

www.securityfocus.com/bid/28303

www.securitytracker.com/id?1019627

www.ubuntu.com/usn/usn-587-1

www.vmware.com/security/advisories/VMSA-2008-0009.html

www.vupen.com/english/advisories/2008/0922/references

www.vupen.com/english/advisories/2008/0924/references

www.vupen.com/english/advisories/2008/1102/references

www.vupen.com/english/advisories/2008/1744

exchange.xforce.ibmcloud.com/vulnerabilities/41277

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916

www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html

www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

8.6

Confidence

High

EPSS

0.043

Percentile

92.5%

JSON

Related for CVE-2008-0063