USN-477-1: krb5 vulnerabilities
27 June 2007
krb5 vulnerabilities
Releases
Details
Wei Wang discovered that the krb5 RPC library did not correctly handle
certain error conditions. A remote attacker could cause kadmind to free
an uninitialized pointer, leading to a denial of service or possibly
execution of arbitrary code with root privileges. (CVE-2007-2442)
Wei Wang discovered that the krb5 RPC library did not correctly check
the size of certain communications. A remote attacker could send a
specially crafted request to kadmind and execute arbitrary code with
root privileges. (CVE-2007-2443)
It was discovered that the kadmind service could be made to overflow its
stack. A remote attacker could send a specially crafted request and
execute arbitrary code with root privileges. (CVE-2007-2798)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 7.04
-
libkadm55
-
1.4.4-5ubuntu3.1
Ubuntu 6.10
-
libkadm55
-
1.4.3-9ubuntu1.3
Ubuntu 6.06
-
libkadm55
-
1.4.3-5ubuntu0.4
In general, a standard system upgrade is sufficient to effect the
necessary changes.