SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2008-0062

Date: (C)2008-03-19 (M)2024-02-16

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 9.8		CVSS Score : 9.3
Exploit Score: 3.9		Exploit Score: 8.6
Impact Score: 5.9		Impact Score: 10.0

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: MEDIUM
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: COMPLETE
Scope: UNCHANGED		Integrity: COMPLETE
Confidentiality: HIGH		Availability: COMPLETE
Integrity: HIGH
Availability: HIGH

Reference:

SECTRACK-1019626

http://www.securityfocus.com/archive/1/489761

http://www.securityfocus.com/archive/1/489883/100/0/threaded

http://www.securityfocus.com/archive/1/493080/100/0/threaded

APPLE-SA-2008-03-18

FEDORA-2008-2637

FEDORA-2008-2647

SUSE-SA:2008:016

http://docs.info.apple.com/article.html?artnum=307562

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt

http://wiki.rpath.com/Advisories:rPSA-2008-0112

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112

http://www.vmware.com/security/advisories/VMSA-2008-0009.html

krb5-kdc-code-execution(41275)

oval:org.mitre.oval:def:9496

oval:org.secpod.oval:def:301322
oval:org.secpod.oval:def:301385
oval:org.mitre.oval:def:8094

© SecPod Technologies