CVE-2008-0063
published 2008-03-19
high 7.5 CVSS 3.1
AV:N AC:L PR:N UI:N S:U C:H I:N A:N
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Affected
29 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | < 10.4.11 | 10.4.11 |
| apple | mac_os_x | >= 10.5.0 < 10.5.2 | 10.5.2 |
| apple | mac_os_x_server | < 10.4.11 | 10.4.11 |
| apple | mac_os_x_server | >= 10.5.0 < 10.5.2 | 10.5.2 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.6.dfsg.3~beta1-4 (bookworm) | krb5 1.6.dfsg.3~beta1-4 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| github.com | migueldeicaza_swiftterm | >= 0 < 1.2.0 | 1.2.0 |
| mit | kerberos_5 | <= 1.6.3 | — |
| mit | krb5 | >= 0 < 1.6.dfsg.3~beta1-4 | 1.6.dfsg.3~beta1-4 |
| mit | krb5 | >= 0 < 1.6.dfsg.3~beta1-4 | 1.6.dfsg.3~beta1-4 |
| mit | krb5 | >= 0 < 1.6.dfsg.3~beta1-4 | 1.6.dfsg.3~beta1-4 |
| mit | krb5 | >= 0 < 1.6.dfsg.3~beta1-4 | 1.6.dfsg.3~beta1-4 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| suse | linux | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
CVSS provenance
nvd v3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ghsa 7.3 HIGH
osv 7.5 HIGH