CVE-2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

🔗 References (92)

• cve@mitrehttp://docs.info.apple.com/article.html?artnum=307562
• cve@mitrehttp://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
• cve@mitrehttp://secunia.com/advisories/29420
• cve@mitrehttp://secunia.com/advisories/29423
• cve@mitrehttp://secunia.com/advisories/29424
• cve@mitrehttp://secunia.com/advisories/29428
• cve@mitrehttp://secunia.com/advisories/29435
• cve@mitrehttp://secunia.com/advisories/29438
• cve@mitrehttp://secunia.com/advisories/29450
• cve@mitrehttp://secunia.com/advisories/29451
• cve@mitrehttp://secunia.com/advisories/29457
• cve@mitrehttp://secunia.com/advisories/29462
• cve@mitrehttp://secunia.com/advisories/29464
• cve@mitrehttp://secunia.com/advisories/29516