CVE-2008-0062 – krb5: uninitialized pointer use in krb5kdc
https://notcve.org/view.php?id=CVE-2008-0062
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. KDC en MIT Kerberos 5 (krb5kdc) no fija variable global alguna para determinados tipos de mensaje krb4, la cual permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecución de código de su elección mediante mensajes manipulados que disparan una referencia a un puntero nulo o doble liberación de memoria (double-free). • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html http://marc.info/?l=bugtraq&m=130497213107107&w=2 http://secunia.com/advisories/29420 http://secunia.com/advisories/29423 http://secunia.com/advisories/29424 http://secunia.com/advisories/29428 http://secunia.com/advisories/29435 http://secunia.com/advisories/29438 http://secun • CWE-665: Improper Initialization •
CVE-2008-0063 – krb5: possible leak of sensitive data from krb5kdc using krb4 request
https://notcve.org/view.php?id=CVE-2008-0063
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." El soporte Kerberos 4 en KDC en MIT Kerberos 5 (krb5kdc) no borra apropiadamente la parte no utilizada de un búfer cuando se genera un mensaje de error, lo que podría permitir a los atacantes remotos obtener información confidencial, también se conoce como "Uninitialized stack values." • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html http://secunia.com/advisories/29420 http://secunia.com/advisories/29423 http://secunia.com/advisories/29424 http://secunia.com/advisories/29428 http://secunia.com/advisories/29435 http://secunia.com/advisories/29438 http://secunia.com/advisories/29450 http://secunia.com/advisories/2 • CWE-908: Use of Uninitialized Resource •
CVE-2008-0948 – krb5: incorrect handling of high-numbered file descriptors in RPC library
https://notcve.org/view.php?id=CVE-2008-0948
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors. Un desbordamiento de búfer en la biblioteca RPC (lib/rpc/rpc_dtablesize.c) utilizada por libgssrpc y kadmind en MIT Kerberos 5 (krb5) versión 1.2.2, y probablemente otras versiones anteriores a 1.3, cuando se ejecuta en sistemas cuyo unistd.h no define la macro FD_SETSIZE, lo que permite a los atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario mediante la activación de un gran número de descriptores de archivos abiertos. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html http://marc.info/?l=bugtraq&m=130497213107107&w=2 http://secunia.com/advisories/29423 http://secunia.com/advisories/29424 http://secunia.com/advisories/29428 http://secunia.com/advisories/29663 http://secunia.com/advisories/30535 http://securityreason.com/securityalert/3752 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-5971 – krb5: double free in gssapi lib
https://notcve.org/view.php?id=CVE-2007-5971
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. Una vulnerabilidad de doble liberación en la función gss_krb5int_make_seal_token_v3 en la biblioteca lib/gssapi/krb5/k5sealv3.c en MIT Kerberos 5 (krb5), presenta un impacto desconocido y vectores de ataques. • http://bugs.gentoo.org/show_bug.cgi?id=199212 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/43345 http://seclists.org/fulldisclosure/2007/Dec/0176.html http://seclists.org/fulldisclosure/2007/Dec/0321.html http://secunia.com/advisories/28636 http://secunia.com/advisories/29420 http://secunia.com/advisories/29450 http://secunia.com/advisories/29451 http://secunia.com/advisories • CWE-399: Resource Management Errors •
CVE-2007-5901 – krb5: use-after-free in gssapi lib
https://notcve.org/view.php?id=CVE-2007-5901
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. Vulnerabilidad de uso después de liberación (use-after-free) en la función gss_indicate_mechs de lib/gssapi/mechglue/g_initialize.c en MIT Kerberos 5 (krb5) tiene impacto y vectores de ataque desconocidos. NOTA: esto podría ser resultado de una errata en el código fuente. • http://bugs.gentoo.org/show_bug.cgi?id=199214 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/43346 http://seclists.org/fulldisclosure/2007/Dec/0176.html http://seclists.org/fulldisclosure/2007/Dec/0321.html http://secunia.com/advisories/29451 http://secunia.com/advisories/29464 http://secunia.com/advisories/29516 http://secunia.com/advisories/39290 http://security.gentoo.org • CWE-399: Resource Management Errors CWE-416: Use After Free •