Wind River Support Network

Optional Type: Patch

krb5 - security advisory - CVE-2008-0062 CVE-2008-0063

Released: Apr 25, 2008     Updated: Apr 25, 2008

Description

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0062


Also:

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0063

IDENTIFIER = WIND00120131


Product Version

Linux Platforms 2.0

Downloads


Installation Notes

WIND00124674.zip is for 1.4
WIND00124675.zip is for 1.5
WIND00120156.zip is for 2.0

1. Unzip the patch under [install_dir]/updates.

2. From the [install_dir]/updates directory, run the command "../maintenance/mtool/mtool_linux".

3. Follow the instructions for installing the point patch.

4. Once the patch has been installed, run the command "make -C build krb5.rebuild" to rebuild the krb5 package with the source file fix.

5. Next, run "make fs".

6. Upload the kernel and rootfs into the target and boot it up.

