Ubuntu Security Notice USN-477-1
26th June, 2007
krb5 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06 LTS
Details
Wei Wang discovered that the krb5 RPC library did not correctly handle
certain error conditions. A remote attacker could cause kadmind to free
an uninitialized pointer, leading to a denial of service or possibly
execution of arbitrary code with root privileges. (CVE-2007-2442)
Wei Wang discovered that the krb5 RPC library did not correctly check
the size of certain communications. A remote attacker could send a
specially crafted request to kadmind and execute arbitrary code with
root privileges. (CVE-2007-2443)
It was discovered that the kadmind service could be made to overflow its
stack. A remote attacker could send a specially crafted request and
execute arbitrary code with root privileges. (CVE-2007-2798)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 7.04:
- libkadm55 1.4.4-5ubuntu3.1
- Ubuntu 6.10:
- libkadm55 1.4.3-9ubuntu1.3
- Ubuntu 6.06 LTS:
- libkadm55 1.4.3-5ubuntu0.4
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.