Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: krb5 vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu The server-side portion of Kerberos' RPC library had a memory management flaw which allowed users of that library to call a function pointer located in unallocated memory. By doing specially crafted calls to the kadmind server, a remote attacker could exploit this to execute arbitrary code with root privileges on the target computer.
Ubuntu Security Notice USN-408-1           January 15, 2007
krb5 vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libkadm55                                1.4.3-5ubuntu0.2
  libkrb53                                 1.4.3-5ubuntu0.2

Ubuntu 6.10:
  libkadm55                                1.4.3-9ubuntu1.1
  libkrb53                                 1.4.3-9ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

The server-side portion of Kerberos' RPC library had a memory
management flaw which allowed users of that library to call a function
pointer located in unallocated memory. By doing specially crafted
calls to the kadmind server, a remote attacker could exploit this to
execute arbitrary code with root privileges on the target computer.

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:  1447550 546659a7ce8758c26c33d0241adb992d
      Size/MD5:      848 ed669b2e38c5b3b6701401b99bbdb3cb
      Size/MD5:  7279788 43fe621ecb849a83ee014dfb856c54af

  Architecture independent packages:
      Size/MD5:   852734 748a61c88e96abcc2fd922acdafbd56c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:    79686 a56316c071cbdae9f33b10166e204340
      Size/MD5:   222738 173b8846edc4d84b0880b293ebd819f8
      Size/MD5:    59876 11c96393564f5422e884cda60671688d
      Size/MD5:   134570 c2fa98268d5c486988eae91040441720
      Size/MD5:    84774 7dc407371c107d79c69ffe054f702ba7
      Size/MD5:    67044 4a01011a78cf0c299df6b36384c0950b
      Size/MD5:   129430 2acabc3bcb9323fa28a69e306694a1ec
      Size/MD5:   190294 a4044fce177ca61f9b24ff9515443e5f
      Size/MD5:   768212 bba4e4f35f90a58177f14d35d9fccf1e
      Size/MD5:   425220 e16e7b2709af4fb8a88a0819cdfc1a40

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:    71660 d38e87ecea34868e1dac394b9047c382
      Size/MD5:   186752 12424ad58c808a4867f0db0d014a34ec
      Size/MD5:    53844 3aa5f6a9ae2cb49659a0577ea972d0af
      Size/MD5:   121068 9a1fcd42b91849f0a4ce3c1614c3dbb9
      Size/MD5:    75438 9b264a66dff08d0206370a43058687d1
      Size/MD5:    58204 6e89a58b9d435c6e1422537a18da2dc1
      Size/MD5:   118528 82f62332c5bae9177ce1f356b824279e
      Size/MD5:   165130 0968da19d0bdac05e716825ba045f5e5
      Size/MD5:   646560 89ccbd05cda4887245d7d5c5cd77d383
      Size/MD5:   380650 8a8e6bebd4955809ef62a27cc7eb8918

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:    79712 119d48198050bd5e24c711c895770bf0
      Size/MD5:   220080 3025e485a43fd6a67c6d7716f1efad63
      Size/MD5:    59084 97104b0dcfc3a4dacd5c1334766c488b
      Size/MD5:   135552 b1c5a4334633412e8c64d808b4a30280
      Size/MD5:    84632 b7a70d1cb0513523911248231bbcca82
      Size/MD5:    65420 9300e4d62e4dedad6ac85647fe157ee2
      Size/MD5:   134396 f07964b5364af26ac18bc4c37ff71e3f
      Size/MD5:   177082 8488709500858a66f07183a193a249e7
      Size/MD5:   751382 96e57442a0caa1e574f0581327fc9e1a
      Size/MD5:   395444 b672282f98601ebe9340f251d7e2dd46

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:    72292 ed56430a6017fe52fd34e8724ff5892d
      Size/MD5:   196928 2dff67f37591eede7be792c836028920
      Size/MD5:    55818 1de2f224962fd6e7f9a5a642995a2fb6
      Size/MD5:   123914 871a22e98608033db8dbc3e85d18e430
      Size/MD5:    76454 c8f134cee518c209e4f068d59e7bc90e
      Size/MD5:    61752 e15353f761ff1b052ff790c3b22d9f03
      Size/MD5:   120102 a72b86d5911ebf7d90454e20a5d3d6a7
      Size/MD5:   164630 2ba7eb220cee2ef90c433520dc22bd1d
      Size/MD5:   677878 53436fc167794aa6c7e4538156b279e4
      Size/MD5:   368236 8cfe1fb1b04f054211103b96bd85d4d0

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:  1468259 a89554ee72ae46193497b5fdb86359e5
      Size/MD5:      883 92b415a7e46614bc10a6fad2971a13a4
      Size/MD5:  7279788 43fe621ecb849a83ee014dfb856c54af

  Architecture independent packages:
      Size/MD5:   853430 3958e9a508ef75081c289378ee06cb5d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:    81062 5e7b14c23de60189762b3776991256a3
      Size/MD5:   223934 6cbf0f868012e01518617369f4c09d78
      Size/MD5:    61134 c2420e53a8369ef1fb7150d8a486dd3c
      Size/MD5:   138648 38ffe1ee542695b7e7110f752b02a735
      Size/MD5:    86946 da6f24f2da9e84b2e13c0a296c8bdfcb
      Size/MD5:    67556 711861722d5ef9e31d6d641076574df6
      Size/MD5:   130170 53bf2f36db32694986426840efce7a63
      Size/MD5:   190180 27a2f0cf1711ddf7498b20073363c5f6
      Size/MD5:  1072552 d9f4df032a6d0b24d4b948cdc2a17ec3
      Size/MD5:   771828 8a490a2198a58ccea514e43ab68bce88
      Size/MD5:   427562 f60e228b07f072ee64e66d16b01c80c9

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:    74768 07466ce7134858695cd2608f7d916bc9
      Size/MD5:   195996 77d746677df270dc89773c13f4231e98
      Size/MD5:    56642 33f6895466f028e4f7e60fe6d0102d7b
      Size/MD5:   128984 d57c3ae641ffc63cde21557c3db9355c
      Size/MD5:    79602 6be865799bcf85edb35c541df35b9245
      Size/MD5:    61366 e9c4b39d8228118d03d5df02123e437d
      Size/MD5:   121716 588addedfb49a64c09a8517740d039d9
      Size/MD5:   172370 b6674bf633bf623d54d53d8ee57120e5
      Size/MD5:  1024338 53cef35e866ba9bfa14ebb7727b10c9d
      Size/MD5:   672520 7c1313e3eb84a448479af34eda9a0233
      Size/MD5:   403646 b30ac3ba3dc11650ef9a74b5b1d9368a

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:    81626 eb56ed7461f47af49023f2027d71a249
      Size/MD5:   222676 f847921d673ba513a11b2e4da26c6589
      Size/MD5:    61324 94d69c98e2439ead3b38757fb6503917
      Size/MD5:   140824 a3a2c75ca459aadf29db4af247832cac
      Size/MD5:    86812 8747cbb5e22b1611d0f35d413a29dfb8
      Size/MD5:    66622 e03d52dd334c788d3fb7583660ac25af
      Size/MD5:   136342 0048a761afaabaffb847273c88cb7758
      Size/MD5:   179554 59ca8bdf4afa0ea09432aaa2e53facf7
      Size/MD5:  1076132 98f942e3252e3f377cd24c03dfae7120
      Size/MD5:   757874 00cde304e78bdd85ca75454ae31f9056
      Size/MD5:   398636 15cd61e388f2e658709577c6c17ed9f4

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:    74648 a9d42678fb3d7d508c087ae7eb075eec
      Size/MD5:   203198 2aeac236c8864c757a55870190918302
      Size/MD5:    58498 22079ad35df8ceea0857319eb533ee35
      Size/MD5:   129158 a5b36aeb90baba94d569f41d21f16548
      Size/MD5:    79926 d889cf2987c8c48a6aef9b566ad14238
      Size/MD5:    63040 6e9f3b3ad95536ee494d73e8ee3d252a
      Size/MD5:   122238 bd59626426b7690742520d2151b58a3c
      Size/MD5:   166480 fd69c12e642a168d39ce209c1647d433
      Size/MD5:   957280 de94391f1d289fbe3c7639f8ca8cf303
      Size/MD5:   684606 511b01e003f876bde73badddeda105ab
      Size/MD5:   373600 66c24f51433ff5ce4670bc91f04a6187

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.6 (GNU/Linux)



--==============44422575=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

ubuntu-security-announce mailing list
Modify settings or unsubscribe at:

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Feds Charged With Stealing Money During Silk Road Investigation
EFF questions US government's software flaw disclosure policy
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.