Your submission was sent successfully! Close

USN-587-1: Kerberos vulnerabilities

19 March 2008

Kerberos vulnerabilities

Releases

Packages

Details

It was discovered that krb5 did not correctly handle certain krb4
requests. An unauthenticated remote attacker could exploit this flaw
by sending a specially crafted traffic, which could expose sensitive
information, cause a crash, or execute arbitrary code. (CVE-2008-0062,
CVE-2008-0063)

A flaw was discovered in the kadmind service's handling of file
descriptors. An unauthenticated remote attacker could send specially
crafted requests that would cause a crash, resulting in a denial of
service. Only systems with configurations allowing large numbers of
open file descriptors were vulnerable. (CVE-2008-0947)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.10
Ubuntu 7.04
Ubuntu 6.10
Ubuntu 6.06

In general, a standard system upgrade is sufficient to effect the
necessary changes.