
CVE-2008-0062

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

Details Source

Mitre

Public Date

2008-03-18 00:00:00

Impact

Critical

Bugzilla

CVE-2008-0062 krb5: uninitialized pointer use in krb5kdc

Bugzilla ID

432 620

CVSS Status

draft

Acknowledgements

Red Hat would like to thank MIT for reporting this issue.

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 3 (krb5) | RHSA-2008:0181 | 2008-03-18 |
| Red Hat Enterprise Linux Extended Update Support 4.5 (krb5) | RHSA-2008:0182 | 2008-03-18 |
| Red Hat Enterprise Linux 4 (krb5) | RHSA-2008:0180 | 2008-03-18 |
| Red Hat Enterprise Linux 5 (krb5) | RHSA-2008:0164 | 2008-03-18 |
| Red Hat Enterprise Linux 2.1 (krb5) | RHSA-2008:0181 | 2008-03-18 |