CVE-2008-0063 (high-risk)
Published 2008-03-19
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Do I need to act?
EPSS score: 4.9% chance of exploitation in the next 30 days (moderate exploit probability)
CISA KEV: not on the CISA KEV list; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 7.5/10 (High); attack vector NETWORK, LOW attack complexity
Affected Products (17)
References (92)
Broken Link: http://secunia.com/advisories/29420
Broken Link: http://secunia.com/advisories/29423
Broken Link: http://secunia.com/advisories/29424
Broken Link: http://secunia.com/advisories/29428
Broken Link: http://secunia.com/advisories/29435
Broken Link: http://secunia.com/advisories/29438
Broken Link: http://secunia.com/advisories/29450
Broken Link: http://secunia.com/advisories/29451
Broken Link: http://secunia.com/advisories/29457
Broken Link: http://secunia.com/advisories/29462
Broken Link: http://secunia.com/advisories/29464
Broken Link: http://secunia.com/advisories/29516
Broken Link: http://secunia.com/advisories/29663
Broken Link: http://secunia.com/advisories/30535
Third Party Advisory: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
(72 more references not shown here)
Overall risk score: 53/100 (high-risk)
Severity: 26/34 (High)
Exploitability: 8/34 (Low)
Exposure: 19/34 (Moderate)