USN-224-1: Kerberos vulnerabilities

Ubuntu Security Notice USN-224-1

6th December, 2005

krb4, krb5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Details

Ga�Delalleau discovered a buffer overflow in the env_opt_add()
function of the Kerberos 4 and 5 telnet clients. By sending specially
crafted replies, a malicious telnet server could exploit this to
execute arbitrary code with the privileges of the user running the
telnet client. (CVE-2005-0468)

Ga�Delalleau discovered a buffer overflow in the handling of the
LINEMODE suboptions in the telnet clients of Kerberos 4 and 5. By
sending a specially constructed reply containing a large number of SLC
(Set Local Character) commands, a remote attacker (i. e. a malicious
telnet server) could execute arbitrary commands with the privileges of
the user running the telnet client. (CVE-2005-0469)

Daniel Wachdorf discovered two remote vulnerabilities in the Key
Distribution Center of Kerberos 5 (krb5-kdc). By sending certain TCP
connection requests, a remote attacker could trigger a double-freeing
of memory, which led to memory corruption and a crash of the KDC
server. (CVE-2005-1174). Under rare circumstances the same type of TCP
connection requests could also trigger a buffer overflow that could be
exploited to run arbitrary code with the privileges of the KDC server.
(CVE-2005-1175)

Magnus Hagander discovered that the krb5_recvauth() function attempted
to free previously freed memory in some situations. A remote attacker
could possibly exploit this to run arbitrary code with the privileges
of the program that called this function. Most imporantly, this
affects the following daemons: kpropd (from the krb5-kdc package),
klogind, and kshd (both from the krb5-rsh-server package).
(CVE-2005-1689)

Please note that these packages are not officially supported by Ubuntu
(they are in the 'universe' component of the archive).

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 5.04:
krb5-kdc
krb5-rsh-server
krb5-clients
krb5-telnetd
kerberos4kth-clients
Ubuntu 4.10:
krb5-kdc
krb5-rsh-server
krb5-clients
krb5-telnetd
kerberos4kth-clients

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

None

References

CVE-2005-0468, CVE-2005-0469, CVE-2005-1174, CVE-2005-1175, CVE-2005-1689