Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2008-0062
Last Modified 06 Sep 2011 10:41:51
Published 19 Mar 2008 06:44:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0062

Summary

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

Vulnerable Systems

Application

  • MIT Kerberos 5 1.6.3 KDC


References

CERT-VN - VU#895609

CONFIRM - http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt

XF - krb5-kdc-code-execution(41275)

VUPEN - ADV-2008-1744

VUPEN - ADV-2008-1102

VUPEN - ADV-2008-0924

VUPEN - ADV-2008-0922

BUGTRAQ - 20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc

HP - SSRT100495

HP - HPSBOV02682

APPLE - APPLE-SA-2008-03-18

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

FEDORA - FEDORA-2008-2647

FEDORA - FEDORA-2008-2637

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0009.html

UBUNTU - USN-587-1

SECTRACK - 1019626

BID - 28303

BUGTRAQ - 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

BUGTRAQ - 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation

REDHAT - RHSA-2008:0182

REDHAT - RHSA-2008:0181

REDHAT - RHSA-2008:0180

REDHAT - RHSA-2008:0164

MANDRIVA - MDVSA-2008:071

MANDRIVA - MDVSA-2008:070

MANDRIVA - MDVSA-2008:069

GENTOO - GLSA-200803-31

DEBIAN - DSA-1524

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0112

CONFIRM - http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html

CONFIRM - http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html

SECUNIA - 30535

SECUNIA - 29663

SECUNIA - 29516

SECUNIA - 29464

SECUNIA - 29462

SECUNIA - 29457

SECUNIA - 29451

SECUNIA - 29450

SECUNIA - 29438

SECUNIA - 29435

SECUNIA - 29428

SECUNIA - 29424

SECUNIA - 29423

SECUNIA - 29420

SUSE - SUSE-SA:2008:016

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Server (Tiger PPC)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Tiger PPC)

Apple 2008-03-18 Security Update 2008-002 v1.0 Server (Tiger Universal)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Tiger Universal)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Leopard)

Apple 2008-03-26 Security Update 2008-002 v1.1 Server (Leopard) (Rev 2)

Apple 2008-03-26 Security Update 2008-002 v1.1 Client (Leopard) (Rev 2)

Novell SUSE 2008:5082 krb5 security update for SLE 10 SP1 i586

VMware VMSA 2008-0009.2 VMware Fusion 2.0.1 Update for Mac (Rev 2)


Last Updated: 27 May 2016 10:46:39