(Novell Issues Fix for Novell Open Enterprise Server) Kerberos KDC Double-Free Bug Lets Remote Users Deny Service, Obtain Information, or Execute Arbitrary Code
|
SecurityTracker Alert ID: 1019791 |
|
SecurityTracker URL: http://securitytracker.com/id/1019791
|
CVE Reference: CVE-2008-0062
|
Date: Apr 4 2008
|
Impact:
Denial of service via network, Disclosure of system information, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Description:
A vulnerability was reported in Kerberos KDC. A remote user can cause denial of service conditions, obtain information, or execute arbitrary code. Novell Open Enterprise Server is affected.
A remote user can send a specially crafted Kerberos 4 message to trigger a null pointer dereference, causing the target KDC to crash or return portions of arbitrary memory locations as part of an error message. The remote user can also trigger a double-free to potentially execute arbitrary code.
|
Impact:
A remote user can cause the target KDC to crash, disclose information, or execute arbitrary code.
|
Solution:
Novell has issued a fix for Novell Open Enterprise Server on SUSE Linux, which is affected by this Kerberos vulnerability.
The Novell advisories are available at:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
|
Cause:
Access control error, State error
|
Underlying OS:
Linux (SuSE)
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Fri, 4 Apr 2008 13:16:51 -0500
Subject: Novell Kerberos
|
x86:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
x86-64:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
CVE-2008-0062
CVE-2008-0063
CVE-2008-0947
CVE-2008-0948