SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2008-0063

Date: (C)2008-03-19 (M)2024-02-16

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 7.5		CVSS Score : 4.3
Exploit Score: 3.9		Exploit Score: 8.6
Impact Score: 3.6		Impact Score: 2.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: MEDIUM
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: PARTIAL
Scope: UNCHANGED		Integrity: NONE
Confidentiality: HIGH		Availability: NONE
Integrity: NONE
Availability: NONE

Reference:

SECTRACK-1019627

http://www.securityfocus.com/archive/1/489761

http://www.securityfocus.com/archive/1/489883/100/0/threaded

http://www.securityfocus.com/archive/1/493080/100/0/threaded

APPLE-SA-2008-03-18

FEDORA-2008-2637

FEDORA-2008-2647

SUSE-SA:2008:016

http://docs.info.apple.com/article.html?artnum=307562

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt

http://wiki.rpath.com/Advisories:rPSA-2008-0112

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112

http://www.vmware.com/security/advisories/VMSA-2008-0009.html

krb5-kdc-kerberos4-info-disclosure(41277)

oval:org.mitre.oval:def:8916

oval:org.secpod.oval:def:301322
oval:org.secpod.oval:def:301385
oval:org.mitre.oval:def:8094

© SecPod Technologies