← back
CVE-2008-0063

CVE-2008-0063

EPSS 3.5%
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://docs.info.apple.com/article.html?artnum=307562http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.htmlhttp://secunia.com/advisories/29420http://secunia.com/advisories/29423http://secunia.com/advisories/29424http://secunia.com/advisories/29428http://secunia.com/advisories/29435http://secunia.com/advisories/29438http://secunia.com/advisories/29450http://secunia.com/advisories/29451http://secunia.com/advisories/29457