CVE-2008-0062: Improper Initialization in Kerberos 5

Severity: 9.8 CRITICAL (NVD)
EPSS: 16.3% (top 5.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 19; latest update May 1

Description

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (Exploitability: 3.9 | Impact: 5.9)

Affected Packages (2 packages)

NVD: mit/kerberos_5 1.6.3
Debian: mit/krb5 < 1.6.dfsg.3~beta1-4+3

Also affects: Debian Linux 3.1, 4.0, Fedora 7, 8, Ubuntu Linux 6.06, 6.10, 7.04, 7.10

Vulnerability Details (3)

GHSA (2022-05-01): GHSA-f6c2-j3p8-vxvv: KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service
CVEList (2008-03-19): CVE-2008-0062: KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service
OSV (2008-03-19): CVE-2008-0062: KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service

Vendor Advisories (3)

Ubuntu (2008-03-19): Kerberos vulnerabilities
Red Hat (2008-03-18): krb5: uninitialized pointer use in krb5kdc
Debian (2008): CVE-2008-0062: krb5 - KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 mes...

Community (1)

Bugzilla (2008-02-13): CVE-2008-0062 krb5: uninitialized pointer use in krb5kdc
CVE-2008-0062 — Improper Initialization in Kerberos 5 | cvebase