Vulnerability details: VCID-ty9h-p8jv-aaak
Vulnerability ID VCID-ty9h-p8jv-aaak
Aliases CVE-2008-0062
Summary KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Weaknesses (2)
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2008:0164
rhas Critical https://access.redhat.com/errata/RHSA-2008:0180
rhas Critical https://access.redhat.com/errata/RHSA-2008:0181
rhas Critical https://access.redhat.com/errata/RHSA-2008:0182
epss 0.04796 https://api.first.org/data/v1/epss?cve=CVE-2008-0062
epss 0.04996 https://api.first.org/data/v1/epss?cve=CVE-2008-0062
epss 0.07232 https://api.first.org/data/v1/epss?cve=CVE-2008-0062
epss 0.07275 https://api.first.org/data/v1/epss?cve=CVE-2008-0062
epss 0.64201 https://api.first.org/data/v1/epss?cve=CVE-2008-0062
epss 0.64633 https://api.first.org/data/v1/epss?cve=CVE-2008-0062
epss 0.70871 https://api.first.org/data/v1/epss?cve=CVE-2008-0062
epss 0.83413 https://api.first.org/data/v1/epss?cve=CVE-2008-0062
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=432620
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2008-0062
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2008-0062
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2008-0062
Reference id Reference type URL
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
http://marc.info/?l=bugtraq&m=130497213107107&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0062.json
https://api.first.org/data/v1/epss?cve=CVE-2008-0062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
http://secunia.com/advisories/29420
http://secunia.com/advisories/29423
http://secunia.com/advisories/29424
http://secunia.com/advisories/29428
http://secunia.com/advisories/29435
http://secunia.com/advisories/29438
http://secunia.com/advisories/29450
http://secunia.com/advisories/29451
http://secunia.com/advisories/29457
http://secunia.com/advisories/29462
http://secunia.com/advisories/29464
http://secunia.com/advisories/29516
http://secunia.com/advisories/29663
http://secunia.com/advisories/30535
https://exchange.xforce.ibmcloud.com/vulnerabilities/41275
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
http://wiki.rpath.com/Advisories:rPSA-2008-0112
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
http://www.debian.org/security/2008/dsa-1524
http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml
http://www.kb.cert.org/vuls/id/895609
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
http://www.mandriva.com/security/advisories?name=MDVSA-2008:071
http://www.redhat.com/support/errata/RHSA-2008-0164.html
http://www.redhat.com/support/errata/RHSA-2008-0180.html
http://www.redhat.com/support/errata/RHSA-2008-0181.html
http://www.redhat.com/support/errata/RHSA-2008-0182.html
http://www.securityfocus.com/archive/1/489761
http://www.securityfocus.com/archive/1/489883/100/0/threaded
http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://www.securityfocus.com/bid/28303
http://www.securitytracker.com/id?1019626
http://www.ubuntu.com/usn/usn-587-1
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://www.vupen.com/english/advisories/2008/0922/references
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1102/references
http://www.vupen.com/english/advisories/2008/1744
432620 https://bugzilla.redhat.com/show_bug.cgi?id=432620
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
CVE-2008-0062 https://nvd.nist.gov/vuln/detail/CVE-2008-0062
GLSA-200803-31 https://security.gentoo.org/glsa/200803-31
RHSA-2008:0164 https://access.redhat.com/errata/RHSA-2008:0164
RHSA-2008:0180 https://access.redhat.com/errata/RHSA-2008:0180
RHSA-2008:0181 https://access.redhat.com/errata/RHSA-2008:0181
RHSA-2008:0182 https://access.redhat.com/errata/RHSA-2008:0182
USN-587-1 https://usn.ubuntu.com/587-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2008-0062
Access Vector (AV): network
Access Complexity (AC): medium
Authentication (Au): none
Confidentiality Impact (C): complete
Integrity Impact (I): complete
Availability Impact (A): complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2008-0062
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Exploit Prediction Scoring System (EPSS)
Percentile 0.88484
EPSS Score 0.04796
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.