Wind River Support Network

Optional Type: Patch

krb5 - security advisory - CVE-2008-0062 CVE-2008-0063

Released: Apr 25, 2008     Updated: Apr 25, 2008


KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.


The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

IDENTIFIER = WIND00120131

Product Version

Linux Platforms 2.0


Installation Notes


1. Unzip the patch under [install_dir]/updates.

2. From the [install_dir]/updates directory, run the command "../maintenance/mtool/mtool_linux".

3. Follow the instructions for installing the point patch.

4. Once the patch has been installed, run the command "make -C build krb5.rebuild" to rebuild the krb5 package with the source file fix.

5. Next, run "make fs".

6. Upload the kernel and rootfs to the target and boot it up.
