CVE-2008-0062
Published 2008-03-19
CVE-2008-0062: KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash)…
Priority: P3 · 42 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 10.14% (95.1th percentile)
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.6.dfsg.3~beta1-4 (bookworm) | krb5 1.6.dfsg.3~beta1-4 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| mit | kerberos_5 | <= 1.6.3 | — |
| mit | krb5 | >= 0 < 1.6.dfsg.3~beta1-4 | 1.6.dfsg.3~beta1-4 |
| mit | krb5 | >= 0 < 1.6.dfsg.3~beta1-4 | 1.6.dfsg.3~beta1-4 |
| mit | krb5 | >= 0 < 1.6.dfsg.3~beta1-4 | 1.6.dfsg.3~beta1-4 |
| mit | krb5 | >= 0 < 1.6.dfsg.3~beta1-4 | 1.6.dfsg.3~beta1-4 |
| vmware | vmware_esxi | — | — |
| vmware | vmware_fusion | — | — |
| vmware | vmware_tools | — | — |
| vmware | vmware_workstation | — | — |
CVSS provenance
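| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | HIGH | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |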
VMware
Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
vendor_vmware·2008-06-04·CVSS 2.6
CVE-2006-1721 [LOW] Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
VMSA-2008-0009: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
CVEs: CVE-2006-1721, CVE-2007-4772, CVE-2007-5378, CVE-2007-5671, CVE-2008-0062, CVE-2008-0063, CVE-2008-0553, CVE-2008-0888, CVE-2
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2008-03-19·CVSS 9.8
CVE-2008-0062 [CRITICAL] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Kerberos vulnerabilities
It was discovered that krb5 did not correctly handle certain krb4
requests. An unauthenticated remote attacker could exploit this flaw
by sending specially crafted traffic, which could expose sensitive
information, cause a crash, or execute arbitrary code. (CVE-2008-0062,
CVE-2008-0063)
A flaw was discovered in the kadmind service's handling of file
descriptors. An unauthenticated remote attacker could send specially
crafted requests that would cause a crash, resulting in a denial of
service. Only systems with configurations allowing large numbers of
open file descriptors were vulnerable. (CVE-2008-0947)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
krb5: uninitialized pointer use in krb5kdc
vendor_redhat·2008-03-18·CVSS 9.8
CVE-2008-0062 [CRITICAL] krb5: uninitialized pointer use in krb5kdc
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Debian
CVE-2008-0062: krb5 - KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 mes...
vendor_debian·2008·CVSS 9.8
CVE-2008-0062 [CRITICAL] CVE-2008-0062: krb5 - KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 mes...
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Scope: local
bookworm: resolved (fixed in 1.6.dfsg.3~beta1-4)
bullseye: resolved (fixed in 1.6.dfsg.3~beta1-4)
forky: resolved (fixed in 1.6.dfsg.3~beta1-4)
sid: resolved (fixed in 1.6.dfsg.3~beta1-4)
trixie: resolved (fixed in 1.6.dfsg.3~beta1-4)
GHSA
GHSA-f6c2-j3p8-vxvv: KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service
ghsa_unreviewed·2022-05-01
CVE-2008-0062 [HIGH] CWE-665 GHSA-f6c2-j3p8-vxvv: KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
OSV
CVE-2008-0062: KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service
osv·2008-03-19·CVSS 9.8
CVE-2008-0062 [CRITICAL] CVE-2008-0062: KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
No detection rules found.
No public exploits indexed.
CWE
Improper Initialization
mitre_cwe
CWE-665 Improper Initialization
CWE-665: Improper Initialization
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not.
Modes of Introduction:
Phase: Implementation
Note: This weakness can occur in code paths that are not well-tested, such as rare error conditions. This is because the use of uninitialized data would be noticed as a bug during frequently-used functionality.
Phase: Operation
Common Consequences:
Scope: Confidentiality. Impact: Read Memory, Read Application Data. When reusing a resource such as memory or a program
CWE
Use of Uninitialized Resource
mitre_cwe
CWE-908 Use of Uninitialized Resource
CWE-908: Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality. Impact: Read Memory, Read Application Data. When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.
Scope: Availability. Impact: DoS: Crash, Exit, or Restart. The uninitialized resource may contain values that cause program flow to change in ways that t
CWE
Expired Pointer Dereference
mitre_cwe
CWE-825 Expired Pointer Dereference
CWE-825: Expired Pointer Dereference
The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
When a product releases memory, but it maintains a pointer to that memory, then the memory might be re-allocated at a later time. If the original pointer is accessed to read or write data, then this could cause the product to read or modify data that is in use by a different function or process. Depending on how the newly-allocated memory is used, this could lead to a denial of service, information exposure, or code execution.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality. Impact: Read Memory. If the expired pointer is used in a read operation, an attacker might be able to control data r
CWE
NULL Pointer Dereference
mitre_cwe
CWE-476 NULL Pointer Dereference
CWE-476: NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Availability. Impact: DoS: Crash, Exit, or Restart. NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation.
Scope: Integrity, Confidentiality. Impact: Execute Unauthorized Code or Commands, Read Memory, Modify Memory. In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code ex
Published: 2008-03-19