Red Hat Customer Portal

CVE-2008-0062

Impact: Critical
Public Date: 2008-03-18
Bugzilla: 432620: CVE-2008-0062 krb5: uninitialized pointer use in krb5kdc

The MITRE CVE dictionary describes this issue as:

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

Find out more about CVE-2008-0062 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 3 (krb5) | RHSA-2008:0181 | 2008-03-18 |
| Red Hat Enterprise Linux Extended Update Support 4.5 (krb5) | RHSA-2008:0182 | 2008-03-18 |
| Red Hat Enterprise Linux 4 (krb5) | RHSA-2008:0180 | 2008-03-18 |
| Red Hat Enterprise Linux 5 (krb5) | RHSA-2008:0164 | 2008-03-18 |
| Red Hat Enterprise Linux 2.1 (krb5) | RHSA-2008:0181 | 2008-03-18 |

Acknowledgements

Red Hat would like to thank MIT for reporting this issue.