CVE-2008-0947 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Vendor	Product	Version
mit	kerberos_5	1.4
mit	kerberos_5	1.4.1
mit	kerberos_5	1.4.2
mit	kerberos_5	1.4.3
mit	kerberos_5	1.4.4
mit	kerberos_5	1.5
mit	kerberos_5	1.5.1
mit	kerberos_5	1.5.2
mit	kerberos_5	1.5.3
mit	kerberos_5	1.6
mit	kerberos_5	1.6.1
mit	kerberos_5	1.6.2
mit	kerberos_5	1.6.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

krb5

bullseye (security)	1.18.3-6+deb11u5 fixed
bullseye	1.18.3-6+deb11u5 fixed
bookworm	1.20.1-2+deb12u2 fixed
bookworm (security)	1.20.1-2+deb12u2 fixed
sid	1.21.3-3 fixed
trixie	1.21.3-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

krb5

gutsy	Fixed 1.6.dfsg.1-7ubuntu0.1 released
feisty	Fixed 1.4.4-5ubuntu3.4 released
edgy	Fixed 1.4.3-9ubuntu1.6 released
dapper	Fixed 1.4.3-5ubuntu0.7 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html

http://marc.info/?l=bugtraq&m=130497213107107&w=2

http://marc.info/?l=bugtraq&m=130497213107107&w=2

http://secunia.com/advisories/29424

http://secunia.com/advisories/29428

http://secunia.com/advisories/29435

http://secunia.com/advisories/29438

http://secunia.com/advisories/29451

http://secunia.com/advisories/29457

http://secunia.com/advisories/29462

http://secunia.com/advisories/29464

http://secunia.com/advisories/29516

http://secunia.com/advisories/29663

http://security.gentoo.org/glsa/glsa-200803-31.xml

http://securityreason.com/securityalert/3752

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt

http://wiki.rpath.com/Advisories:rPSA-2008-0112

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112

http://www.debian.org/security/2008/dsa-1524

http://www.kb.cert.org/vuls/id/374121

http://www.mandriva.com/security/advisories?name=MDVSA-2008:069

http://www.mandriva.com/security/advisories?name=MDVSA-2008:070

http://www.redhat.com/support/errata/RHSA-2008-0164.html

http://www.securityfocus.com/archive/1/489762/100/0/threaded

http://www.securityfocus.com/archive/1/489784/100/0/threaded

http://www.securityfocus.com/archive/1/489883/100/0/threaded

http://www.securityfocus.com/bid/28302

http://www.securitytracker.com/id?1019631

http://www.ubuntu.com/usn/usn-587-1

http://www.us-cert.gov/cas/techalerts/TA08-079B.html

http://www.vupen.com/english/advisories/2008/0922/references

http://www.vupen.com/english/advisories/2008/1102/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41273

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10984

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html

http://marc.info/?l=bugtraq&m=130497213107107&w=2

http://marc.info/?l=bugtraq&m=130497213107107&w=2

http://secunia.com/advisories/29424

http://secunia.com/advisories/29428

http://secunia.com/advisories/29435

http://secunia.com/advisories/29438

http://secunia.com/advisories/29451

http://secunia.com/advisories/29457

http://secunia.com/advisories/29462

http://secunia.com/advisories/29464

http://secunia.com/advisories/29516

http://secunia.com/advisories/29663

http://security.gentoo.org/glsa/glsa-200803-31.xml

http://securityreason.com/securityalert/3752

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt

http://wiki.rpath.com/Advisories:rPSA-2008-0112

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112

http://www.debian.org/security/2008/dsa-1524

http://www.kb.cert.org/vuls/id/374121

http://www.mandriva.com/security/advisories?name=MDVSA-2008:069

http://www.mandriva.com/security/advisories?name=MDVSA-2008:070

http://www.redhat.com/support/errata/RHSA-2008-0164.html

http://www.securityfocus.com/archive/1/489762/100/0/threaded

http://www.securityfocus.com/archive/1/489784/100/0/threaded

http://www.securityfocus.com/archive/1/489883/100/0/threaded

http://www.securityfocus.com/bid/28302

http://www.securitytracker.com/id?1019631

http://www.ubuntu.com/usn/usn-587-1

http://www.us-cert.gov/cas/techalerts/TA08-079B.html

http://www.vupen.com/english/advisories/2008/0922/references

http://www.vupen.com/english/advisories/2008/1102/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41273

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10984

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html