PT-2008-1050 · MIT Kerberos 5
Published: 2008-03-18 · Updated: 2024-02-09 · CVE-2008-0063
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
MIT Kerberos 5 (krb5kdc) versions prior to the fixed version
Red Hat Enterprise Linux (affected versions not specified)
Description
The issue lies in the Kerberos 4 support of the KDC component (krb5kdc) of MIT Kerberos 5: when an error message is generated, the unused portion of the buffer holding it is not properly cleared, so the message can carry leftover data from that buffer. This might allow remote attackers to obtain sensitive information. The problem can lead to a violation of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely.
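To show the failure mode the description refers to, here is an added, constructed example in C; it is not MIT Kerberos code and does not reproduce the krb5kdc Kerberos 4 error path. The function names, the reply length and the `SAMPLE_SECRET` value are all hypothetical. The vulnerable builder copies a short error text into a fixed-size reply buffer and returns the whole buffer for transmission, so whatever the buffer held earlier travels with the message; the fixed builder clears the buffer first and reports only the bytes it actually used.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define REPLY_LEN 64

/* Constructed sample only: stands in for whatever sensitive data happened
 * to occupy the reply buffer earlier (a previous request, key material...). */
static const char SAMPLE_SECRET[] = "prior-request-secret";

/* Vulnerable pattern (constructed, not krb5's code): the short error text is
 * copied into the reply buffer, but the bytes after it are left as they were,
 * and the whole fixed-size reply is handed back for transmission. */
size_t build_error_reply_vulnerable(char *reply, size_t reply_len, const char *msg)
{
    size_t n = strlen(msg);
    if (n >= reply_len)
        n = reply_len - 1;
    memcpy(reply, msg, n);
    reply[n] = '\0';
    return reply_len;            /* stale bytes after the NUL go on the wire */
}

/* Hardened pattern: clear the entire buffer so the unused tail is all zeros,
 * and additionally report only the bytes actually used. */
size_t build_error_reply_fixed(char *reply, size_t reply_len, const char *msg)
{
    memset(reply, 0, reply_len);
    size_t n = strlen(msg);
    if (n >= reply_len)
        n = reply_len - 1;
    memcpy(reply, msg, n);
    return n + 1;                /* message plus terminator, nothing else */
}

/* Defender-side check: does the wire image still contain the sample secret?
 * A plain byte scan is used rather than strstr so embedded NULs do not stop
 * the search. Returns 1 if the secret is present, 0 otherwise. */
int reply_contains_secret(const char *reply, size_t len)
{
    size_t slen = strlen(SAMPLE_SECRET);
    for (size_t i = 0; i + slen <= len; i++)
        if (memcmp(reply + i, SAMPLE_SECRET, slen) == 0)
            return 1;
    return 0;
}

/* Reproduce the scenario: a buffer that previously held sensitive data is
 * reused for an error reply. Returns 1 if the chosen builder leaks it. */
int simulate_leak(int use_fixed)
{
    char reply[REPLY_LEN];
    /* Fill the buffer as an earlier use of the same memory would have. */
    memset(reply, 'A', REPLY_LEN);
    memcpy(reply + 32, SAMPLE_SECRET, strlen(SAMPLE_SECRET));

    size_t sent = use_fixed
        ? build_error_reply_fixed(reply, REPLY_LEN, "KRB error")
        : build_error_reply_vulnerable(reply, REPLY_LEN, "KRB error");
    return reply_contains_secret(reply, sent);
}

int main(void)
{
    printf("vulnerable builder leaks: %d\n", simulate_leak(0));
    printf("fixed builder leaks:      %d\n", simulate_leak(1));
    return 0;
}
```

The check in `reply_contains_secret` is the kind of assertion a fuzz harness or unit test can carry permanently: seed the buffer with a marker, build the message, and fail if the marker appears anywhere in the bytes handed to the transport. Clearing the buffer and bounding the transmitted length are independent fixes; either one alone closes this particular leak, and doing both guards against a later change to one of them.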
Recommendations
For MIT Kerberos 5, update to a version that includes the fix for the buffer clearing issue.
For Red Hat Enterprise Linux, no version containing a fix for this vulnerability is known at the moment.
Improper Initialization
Use of Uninitialized Resource
Affected Products
MIT Kerberos 5
Red Hat