CVE-2008-0063

Impact: Moderate
Public Date: 2008-03-18
Bugzilla: 432621: CVE-2008-0063 krb5: possible leak of sensitive data from krb5kdc using krb4 request

The MITRE CVE dictionary describes this issue as:

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

Find out more about CVE-2008-0063 from the MITRE CVE dictionary and the NIST NVD.

Red Hat Security Errata

Platform                                        Errata          Release Date
Red Hat Enterprise Linux version 5 (krb5)       RHSA-2008:0164  2008-03-18
Red Hat Enterprise Linux version 2.1 (krb5)     RHSA-2008:0181  2008-03-18
Red Hat Enterprise Linux ES EUS (v. 4.5) (krb5) RHSA-2008:0182  2008-03-18
Red Hat Enterprise Linux version 4 (krb5)       RHSA-2008:0180  2008-03-18
Red Hat Enterprise Linux version 3 (krb5)       RHSA-2008:0181  2008-03-18

Acknowledgements

Red Hat would like to thank MIT for reporting this issue.