Red Hat Customer Portal

Public Date:
432621: CVE-2008-0063 krb5: possible leak of sensitive data from krb5kdc using krb4 request

The MITRE CVE dictionary describes this issue as:

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
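
A generic illustration of the bug class described above, added here and not taken from the krb5 source: an error message is written into a fixed-size reply buffer, and either the whole buffer or only the written bytes are sent. The buffer size, function names, message text and the 'K' filler standing in for stale stack contents are all constructed assumptions.

```c
#include <stdio.h>
#include <string.h>
#define REPLY_LEN 64  /* fixed-size reply packet (constructed size) */

/* Vulnerable pattern: only the message is written, yet the whole buffer is sent. */
size_t build_error_leaky(unsigned char *pkt, const char *msg)
{
    size_t n = strlen(msg);
    if (n >= REPLY_LEN) n = REPLY_LEN - 1;
    memcpy(pkt, msg, n);
    pkt[n] = '\0';
    return REPLY_LEN;             /* bytes sent: includes the unused portion */
}

/* Hardened pattern: clear the buffer first and send only what was written. */
size_t build_error_fixed(unsigned char *pkt, const char *msg)
{
    size_t n = strlen(msg);
    if (n >= REPLY_LEN) n = REPLY_LEN - 1;
    memset(pkt, 0, REPLY_LEN);
    memcpy(pkt, msg, n);
    return n + 1;                 /* message plus terminator only */
}

/* Count non-zero bytes in the sent packet after the message terminator. */
size_t stale_bytes_sent(const unsigned char *pkt, size_t sent)
{
    size_t start = strlen((const char *)pkt) + 1, count = 0;
    for (size_t i = start; i < sent; i++)
        if (pkt[i] != 0) count++;
    return count;
}

/* Pre-fill the buffer with constructed residue (stand-in for stale stack data). */
size_t demo(int fixed)
{
    unsigned char pkt[REPLY_LEN];
    memset(pkt, 'K', sizeof pkt);   /* constructed "sensitive" leftovers */
    size_t sent = fixed ? build_error_fixed(pkt, "unknown principal")
                        : build_error_leaky(pkt, "unknown principal");
    return stale_bytes_sent(pkt, sent);
}

int main(void)
{
    printf("leaky=%zu fixed=%zu stale bytes sent\n", demo(0), demo(1));
    return 0;
}
```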

Find out more about CVE-2008-0063 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

Platform                                                     Errata          Release Date
Red Hat Enterprise Linux 3 (krb5)                            RHSA-2008:0181  2008-03-18
Red Hat Enterprise Linux Extended Update Support 4.5 (krb5)  RHSA-2008:0182  2008-03-18
Red Hat Enterprise Linux 4 (krb5)                            RHSA-2008:0180  2008-03-18
Red Hat Enterprise Linux 5 (krb5)                            RHSA-2008:0164  2008-03-18
Red Hat Enterprise Linux 2.1 (krb5)                          RHSA-2008:0181  2008-03-18


Red Hat would like to thank MIT for reporting this issue.

Last Modified