7.5

CVE-2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MitKerberos 5 Version <= 1.6.3
ApplemacOS X Version < 10.4.11
ApplemacOS X Version >= 10.5.0 < 10.5.2
ApplemacOS X Server Version < 10.4.11
ApplemacOS X Server Version >= 10.5.0 < 10.5.2
OpensuseOpensuse Version10.2
OpensuseOpensuse Version10.3
SuseLinux Version10.1
SuseLinux Enterprise Desktop Version10 Updatesp1
SuseLinux Enterprise Server Version10 Updatesp1
DebianDebian Linux Version3.1
DebianDebian Linux Version4.0
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
FedoraprojectFedora Version7
FedoraprojectFedora Version8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.48% 0.876
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

http://docs.info.apple.com/article.html?artnum=307562
Broken Link
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Mailing List
http://www.vupen.com/english/advisories/2008/0924/references
Vendor Advisory
Broken Link
http://secunia.com/advisories/29420
Vendor Advisory
Broken Link
http://secunia.com/advisories/30535
Vendor Advisory
Broken Link
http://www.securityfocus.com/archive/1/493080/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1744
Vendor Advisory
Broken Link
http://secunia.com/advisories/29457
Vendor Advisory
Broken Link
http://wiki.rpath.com/Advisories:rPSA-2008-0112
Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
Broken Link
http://www.securityfocus.com/archive/1/489883/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://secunia.com/advisories/29451
Vendor Advisory
Broken Link
http://secunia.com/advisories/29464
Vendor Advisory
Broken Link
http://secunia.com/advisories/29516
Vendor Advisory
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
Patch
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0164.html
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
Mailing List
http://secunia.com/advisories/29450
Vendor Advisory
Broken Link
http://secunia.com/advisories/29462
Vendor Advisory
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
Patch
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0180.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
Mailing List
http://secunia.com/advisories/29424
Vendor Advisory
Broken Link
http://secunia.com/advisories/29428
Vendor Advisory
Broken Link
http://secunia.com/advisories/29435
Vendor Advisory
Broken Link
http://secunia.com/advisories/29438
Vendor Advisory
Broken Link
http://secunia.com/advisories/29663
Vendor Advisory
Broken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
Broken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
Broken Link
http://www.debian.org/security/2008/dsa-1524
Third Party Advisory
http://www.ubuntu.com/usn/usn-587-1
Third Party Advisory
http://www.vupen.com/english/advisories/2008/0922/references
Vendor Advisory
Broken Link
http://www.vupen.com/english/advisories/2008/1102/references
Vendor Advisory
Broken Link
http://secunia.com/advisories/29423
Vendor Advisory
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0181.html
Broken Link
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:071
Patch
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0182.html
Broken Link
http://www.securityfocus.com/archive/1/489761
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/28303
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1019627
Third Party Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41277
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916
Broken Link