CVE-2008-0062

Impact: Critical
Public Date: 2008-03-18
Bugzilla: 432620: CVE-2008-0062 krb5: uninitialized pointer use in krb5kdc

The MITRE CVE dictionary describes this issue as:

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

Find out more about CVE-2008-0062 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

Platform                                         Errata          Release Date
Red Hat Enterprise Linux version 5 (krb5)        RHSA-2008:0164  2008-03-18
Red Hat Enterprise Linux version 2.1 (krb5)      RHSA-2008:0181  2008-03-18
Red Hat Enterprise Linux ES EUS (v. 4.5) (krb5)  RHSA-2008:0182  2008-03-18
Red Hat Enterprise Linux version 4 (krb5)        RHSA-2008:0180  2008-03-18
Red Hat Enterprise Linux version 3 (krb5)        RHSA-2008:0181  2008-03-18

Acknowledgements

Red Hat would like to thank MIT for reporting this issue.