Your submission was sent successfully! Close

USN-881-1: Kerberos vulnerability

12 January 2010

Kerberos vulnerability




It was discovered that Kerberos did not correctly handle invalid AES
blocks. An unauthenticated remote attacker could send specially crafted
traffic that would crash the KDC service, leading to a denial of service,
or possibly execute arbitrary code with root privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04
Ubuntu 6.06

In general, a standard system upgrade is sufficient to effect the
necessary changes.