Launchpad.net

CVE 2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

Related bugs and status

CVE-2008-0063 (Candidate) is related to these bugs:

Bug #210172: [CVE-2007-5971] Kerberos vulnerability

Summary				In	Importance	Status
	210172	[CVE-2007-5971] Kerberos vulnerability		krb5 (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

BUGTRAQ: 20080318 MITKRB5-SA-20...
CONFIRM: http://web.mit.edu/ker...
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2008-03-18
MANDRIVA: MDVSA-2008:070
MANDRIVA: MDVSA-2008:071
SUSE: SUSE-SA:2008:016
UBUNTU: USN-587-1
SECUNIA: 29428
SECUNIA: 29438
CONFIRM: http://wiki.rpath.com/...
CONFIRM: http://wiki.rpath.com/...
DEBIAN: DSA-1524
FEDORA: FEDORA-2008-2637
FEDORA: FEDORA-2008-2647
GENTOO: GLSA-200803-31
MANDRIVA: MDVSA-2008:069
REDHAT: RHSA-2008:0164
REDHAT: RHSA-2008:0180
REDHAT: RHSA-2008:0181
BID: 28303
SECTRACK: 1019627
SECUNIA: 29420
SECUNIA: 29435
SECUNIA: 29450
SECUNIA: 29451
SECUNIA: 29457
SECUNIA: 29464
SECUNIA: 29423
SECUNIA: 29462
SECUNIA: 29516
CONFIRM: http://support.novell....
CONFIRM: http://support.novell....
SECUNIA: 29663
SECUNIA: 29424
REDHAT: RHSA-2008:0182
CONFIRM: http://www.vmware.com/...
SECUNIA: 30535
VUPEN: ADV-2008-0922
VUPEN: ADV-2008-0924
VUPEN: ADV-2008-1102
VUPEN: ADV-2008-1744
XF: krb5-kdc-kerberos4-inf...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080319 rPSA-2008-011...
BUGTRAQ: 20080604 VMSA-2008-000...