(Novell Issues Fix for Novell Open Enterprise Server) Kerberos KDC Stack Initialization Bug May Disclose Stack Data to Remote Users
|
SecurityTracker Alert ID: 1019793
|
SecurityTracker URL: http://securitytracker.com/id/1019793
|
CVE Reference:
CVE-2008-0063
|
Date: Apr 4 2008
|
Impact:
Disclosure of system information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Description:
A vulnerability was reported in Kerberos KDC. A remote user can obtain potentially sensitive information. Novell Open Enterprise Server is affected.
A remote user can send a specially crafted Kerberos 4 message to cause uninitialized stack data to be used in place of missing portions of the Kerberos 4 message. Some information from the stack may be returned to the remote user as part of an error message.
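The bug class described above, shown as an added illustration (not MIT Kerberos or Novell code): a handler that fills a stack structure from a short message and echoes a fixed-size field in its error reply, next to a hardened form. The message layout, structure and function names are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16

/* Constructed toy request: [1-byte name length][name bytes]. Not the Kerberos 4 wire format. */
struct request { unsigned char name_len; char name[NAME_MAX_LEN]; };

/* Vulnerable pattern: bytes missing from a short message are never written,
   yet the error reply echoes the whole fixed-size field. */
size_t build_error_vulnerable(const unsigned char *msg, size_t msg_len,
                              char *reply, size_t reply_cap)
{
    struct request req;                       /* not initialized */
    size_t avail = msg_len > 0 ? msg_len - 1 : 0;
    if (avail > NAME_MAX_LEN) avail = NAME_MAX_LEN;
    if (msg_len > 0) memcpy(req.name, msg + 1, avail);   /* partial fill only */
    if (reply_cap < NAME_MAX_LEN) return 0;
    memcpy(reply, req.name, NAME_MAX_LEN);    /* tail is stale stack data */
    return NAME_MAX_LEN;
}

/* Hardened: zero the structure, reject a message shorter than it claims,
   and echo only bytes that actually came from the request. */
size_t build_error_hardened(const unsigned char *msg, size_t msg_len,
                            char *reply, size_t reply_cap)
{
    struct request req;
    memset(&req, 0, sizeof req);
    if (msg_len < 1) return 0;
    req.name_len = msg[0];
    if (req.name_len > NAME_MAX_LEN || (size_t)req.name_len > msg_len - 1)
        return 0;                             /* truncated or oversized: echo nothing */
    if (reply_cap < req.name_len) return 0;
    memcpy(req.name, msg + 1, req.name_len);
    memcpy(reply, req.name, req.name_len);
    return req.name_len;                      /* number of request bytes echoed */
}

int main(void)
{
    const unsigned char msg[] = { 12, 'b', 'o', 'b' };  /* constructed: claims 12, carries 3 */
    char reply[NAME_MAX_LEN];
    printf("vulnerable echoes %zu bytes, hardened echoes %zu\n",
           build_error_vulnerable(msg, sizeof msg, reply, sizeof reply),
           build_error_hardened(msg, sizeof msg, reply, sizeof reply));
    return 0;
}
```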
|
Impact:
A remote user can obtain potentially sensitive information from the stack.
|
Solution:
Novell has issued a fix for Novell Open Enterprise Server on SUSE Linux, which is affected by this Kerberos vulnerability.
The Novell advisories are available at:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
|
Cause:
Access control error
|
Underlying OS:
Linux (SuSE)
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Fri, 4 Apr 2008 13:16:51 -0500
Subject: Novell Kerberos
|
x86:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
x86-64:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
CVE-2008-0062
CVE-2008-0063
CVE-2008-0947
CVE-2008-0948
|