CVE-2008-0063 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2008-0063?

CVE-2008-0063 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-0063?

Check the references section above for vendor advisories and patch information. Affected products include: Mit Kerberos 5, Apple Mac Os X, Apple Mac Os X Server, Opensuse Opensuse, Suse Linux.

Vulnerability Description

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Mit	Kerberos 5	<= 1.6.3
Apple	Mac Os X	< 10.4.11
Apple	Mac Os X Server	< 10.4.11
Opensuse	Opensuse	10.2
Suse	Linux	10.1
Suse	Linux Enterprise Desktop	10
Suse	Linux Enterprise Server	10
Suse	Linux Enterprise Software Development Kit	10
Debian	Debian Linux	3.1
Canonical	Ubuntu Linux	6.06
Fedoraproject	Fedora	7

Related Weaknesses (CWE)

CWE-908

References

http://docs.info.apple.com/article.html?artnum=307562Broken Link
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.htmlMailing List
http://secunia.com/advisories/29420Broken LinkVendor Advisory
http://secunia.com/advisories/29423Broken LinkVendor Advisory
http://secunia.com/advisories/29424Broken LinkVendor Advisory
http://secunia.com/advisories/29428Broken LinkVendor Advisory
http://secunia.com/advisories/29435Broken LinkVendor Advisory
http://secunia.com/advisories/29438Broken LinkVendor Advisory
http://secunia.com/advisories/29450Broken LinkVendor Advisory
http://secunia.com/advisories/29451Broken LinkVendor Advisory
http://secunia.com/advisories/29457Broken LinkVendor Advisory
http://secunia.com/advisories/29462Broken LinkVendor Advisory
http://secunia.com/advisories/29464Broken LinkVendor Advisory
http://secunia.com/advisories/29516Broken LinkVendor Advisory

FAQ

What is CVE-2008-0063?

CVE-2008-0063 is a vulnerability with a CVSS score of 7.5 (HIGH). The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitiv...

How severe is CVE-2008-0063?

CVE-2008-0063 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-0063?

Check the references section above for vendor advisories and patch information. Affected products include: Mit Kerberos 5, Apple Mac Os X, Apple Mac Os X Server, Opensuse Opensuse, Suse Linux.