Kerberos < 1.6.4 vulnerability

Summary
The remote host is probably affected by the vulnerabilities described in CVE-2008-0062, CVE-2008-0063, CVE-2008-0947, CVE-2008-0948.
Impact
CVE-2008-0062: An unauthenticated remote attacker may cause a krb4-enabled KDC to crash, expose information, or execute arbitrary code. Successful exploitation of this vulnerability could compromise the Kerberos key database and host security on the KDC host.
CVE-2008-0063: An unauthenticated remote attacker may cause a krb4-enabled KDC to expose information. It is theoretically possible for the exposed information to include secret key data on some platforms.
CVE-2008-0947: Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
CVE-2008-0948: Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.
Solution
All Kerberos users should upgrade to the latest version:
References