9.8

CVE-2008-0062

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MitKerberos 5 Version <= 1.6.3
DebianDebian Linux Version3.1
DebianDebian Linux Version4.0
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
FedoraprojectFedora Version7
FedoraprojectFedora Version8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.14% 0.951
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-665 Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

http://docs.info.apple.com/article.html?artnum=307562
Broken Link
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Mailing List
http://www.vupen.com/english/advisories/2008/0924/references
Broken Link
http://secunia.com/advisories/29420
Broken Link
http://secunia.com/advisories/30535
Broken Link
http://www.securityfocus.com/archive/1/493080/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1744
Broken Link
http://secunia.com/advisories/29457
Broken Link
http://wiki.rpath.com/Advisories:rPSA-2008-0112
Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
Broken Link
http://www.securityfocus.com/archive/1/489883/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://secunia.com/advisories/29451
Broken Link
http://secunia.com/advisories/29464
Broken Link
http://secunia.com/advisories/29516
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0164.html
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
Mailing List
http://secunia.com/advisories/29450
Broken Link
http://secunia.com/advisories/29462
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0180.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
Mailing List
http://marc.info/?l=bugtraq&m=130497213107107&w=2
Mailing List
http://secunia.com/advisories/29424
Broken Link
http://secunia.com/advisories/29428
Broken Link
http://secunia.com/advisories/29435
Broken Link
http://secunia.com/advisories/29438
Broken Link
http://secunia.com/advisories/29663
Broken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
Broken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
Broken Link
http://www.debian.org/security/2008/dsa-1524
Third Party Advisory
http://www.ubuntu.com/usn/usn-587-1
Third Party Advisory
http://www.vupen.com/english/advisories/2008/0922/references
Broken Link
http://www.vupen.com/english/advisories/2008/1102/references
Broken Link
http://secunia.com/advisories/29423
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0181.html
Broken Link
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml
Third Party Advisory
http://www.kb.cert.org/vuls/id/895609
Third Party Advisory
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2008:071
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0182.html
Broken Link
http://www.securityfocus.com/archive/1/489761
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/28303
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1019626
Third Party Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41275
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496
Broken Link