Buffer Handling Flaw in Kerberos 4 Support in MIT Kerberos 5
CVE-2008-0063

7.5 HIGH

Key Information:

Vendor

MIT

CVE Published:
19 March 2008

What is CVE-2008-0063?

The KDC component of MIT Kerberos 5 (krb5kdc) contains a vulnerability in its Kerberos 4 support: it fails to clear unused sections of memory when generating error messages. As a result, uninitialized data from the stack can be exposed, allowing remote attackers to access sensitive information and increasing the risk of further exploitation.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
