Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2008-0062

CRITICAL9.8

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free

Published Mar 19, 2008

Modified 1 years ago

No fix available

Details

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

References

WEBhttp://docs.info.apple.com/article.html?artnum=307562 ADVISORYhttp://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html ADVISORYhttp://marc.info/?l=bugtraq&m=130497213107107&w=2 ADVISORYhttp://secunia.com/advisories/29420 ADVISORYhttp://secunia.com/advisories/29423 ADVISORYhttp://secunia.com/advisories/29424 ADVISORYhttp://secunia.com/advisories/29428 ADVISORYhttp://secunia.com/advisories/29435 ADVISORYhttp://secunia.com/advisories/29438 ADVISORYhttp://secunia.com/advisories/29450 ADVISORYhttp://secunia.com/advisories/29451 ADVISORYhttp://secunia.com/advisories/29457 ADVISORYhttp://secunia.com/advisories/29462 ADVISORYhttp://secunia.com/advisories/29464 ADVISORYhttp://secunia.com/advisories/29516 ADVISORYhttp://secunia.com/advisories/29663 ADVISORYhttp://secunia.com/advisories/30535 WEBhttp://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html WEBhttp://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html WEBhttp://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt WEBhttp://wiki.rpath.com/Advisories:rPSA-2008-0112 WEBhttp://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 ADVISORYhttp://www.debian.org/security/2008/dsa-1524 ADVISORYhttp://www.gentoo.org/security/en/glsa/glsa-200803-31.xml ADVISORYhttp://www.kb.cert.org/vuls/id/895609 ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:069 ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:070 ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:071 ADVISORYhttp://www.redhat.com/support/errata/RHSA-2008-0164.html ADVISORYhttp://www.redhat.com/support/errata/RHSA-2008-0180.html ADVISORYhttp://www.redhat.com/support/errata/RHSA-2008-0181.html ADVISORYhttp://www.redhat.com/support/errata/RHSA-2008-0182.html WEBhttp://www.securityfocus.com/archive/1/489761 WEBhttp://www.securityfocus.com/archive/1/489883/100/0/threaded WEBhttp://www.securityfocus.com/archive/1/493080/100/0/threaded WEBhttp://www.securityfocus.com/bid/28303 WEBhttp://www.securitytracker.com/id?1019626 ADVISORYhttp://www.ubuntu.com/usn/usn-587-1 WEBhttp://www.vmware.com/security/advisories/VMSA-2008-0009.html WEBhttp://www.vupen.com/english/advisories/2008/0922/references WEBhttp://www.vupen.com/english/advisories/2008/0924/references WEBhttp://www.vupen.com/english/advisories/2008/1102/references WEBhttp://www.vupen.com/english/advisories/2008/1744 WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/41275 WEBhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2008-0062 ADVISORYhttps://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html ADVISORYhttps://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html

CVSS Analysis

CVSS v3.1

9.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedMar 19, 2008

ModifiedAug 7, 2024

CVE-2008-0062 | Mondoo Vulnerability Intelligence