Weekly Vulnerabilities Report: March 17 to 23, 2008

Overview

2 new vulnerabilities were reported during this period, including 1 critical vulnerability and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 11 products from 7 vendors including Debian, Fedoraproject, Canonical, MIT, and Apple. The vulnerabilities are categorized as "Use of Uninitialized Resource" and "Improper Initialization".

  • 2 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 2 reported vulnerabilities.
  • Debian has the most reported critical vulnerabilities, with 1 reported vulnerability.

Summary counters (values not captured in this extraction): Total vulnerabilities; Critical risk vulnerabilities; High risk vulnerabilities; Medium risk vulnerabilities; Low risk vulnerabilities; Remotely exploitable; Locally exploitable; Exploit available; Exploitable anonymously; Affecting web application.

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:


1 Critical Vulnerabilities

Date: 2008-03-19
CVE: CVE-2008-0062
Vendors: MIT, Debian, Canonical, Fedoraproject
Vulnerability: Improper Initialization vulnerability in multiple products
CVSS: 9.8

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

1 High Vulnerabilities

Date: 2008-03-19
CVE: CVE-2008-0063
Vendors: MIT, Apple, Opensuse, Suse, Debian, Canonical, Fedoraproject
Vulnerability: Use of Uninitialized Resource vulnerability in multiple products
CVSS: 7.5

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

0 Medium Vulnerabilities

(no entries)

0 Low Vulnerabilities

(no entries)