The Kerberos 4 support in the KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

Software | From | Fixed in |
---|---|---|
debian / debian_linux | 3.1 | 3.1.x |
debian / debian_linux | 4.0 | 4.0.x |
mit / kerberos_5 | - | 1.6.3.x |
apple / mac_os_x | - | 10.4.11 |
apple / mac_os_x | 10.5.0 | 10.5.2 |
apple / mac_os_x_server | - | 10.4.11 |
apple / mac_os_x_server | 10.5.0 | 10.5.2 |
opensuse / opensuse | 10.2 | 10.2.x |
opensuse / opensuse | 10.3 | 10.3.x |
fedoraproject / fedora | 7 | 7.x |
fedoraproject / fedora | 8 | 8.x |
canonical / ubuntu_linux | 6.06 | 6.06.x |
canonical / ubuntu_linux | 6.10 | 6.10.x |
canonical / ubuntu_linux | 7.04 | 7.04.x |
canonical / ubuntu_linux | 7.10 | 7.10.x |
suse / linux_enterprise_desktop | 10-sp1 | 10-sp1.x |
suse / linux_enterprise_server | 10-sp1 | 10-sp1.x |
suse / linux_enterprise_software_development_kit | 10-sp1 | 10-sp1.x |
suse / linux | 10.1 | 10.1.x |