Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: July 28th, 2014
Linux Advisory Watch: July 25th, 2014
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: krb5 vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu The krb5 telnet service did not appropriately verify user names. A remote attacker could log in as the root user by requesting a specially crafted user name.
Ubuntu Security Notice USN-449-1             April 04, 2007
krb5 vulnerabilities
CVE-2007-0956, CVE-2007-0957, CVE-2007-1216

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  krb5-telnetd                             1.3.6-4ubuntu0.2
  libkadm55                                1.3.6-4ubuntu0.2
  libkrb53                                 1.3.6-4ubuntu0.2

Ubuntu 6.06 LTS:
  krb5-telnetd                             1.4.3-5ubuntu0.3
  libkadm55                                1.4.3-5ubuntu0.3
  libkrb53                                 1.4.3-5ubuntu0.3

Ubuntu 6.10:
  krb5-telnetd                             1.4.3-9ubuntu1.2
  libkadm55                                1.4.3-9ubuntu1.2
  libkrb53                                 1.4.3-9ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

The krb5 telnet service did not appropriately verify user names.  A 
remote attacker could log in as the root user by requesting a specially 
crafted user name. (CVE-2007-0956)

The krb5 syslog library did not correctly verify the size of log 
messages.  A remote attacker could send a specially crafted message and 
execute arbitrary code with root privileges. (CVE-2007-0957)

The krb5 administration service was vulnerable to a double-free in the 
GSS RPC library.  A remote attacker could send a specially crafted 
request and execute arbitrary code with root privileges. (CVE-2007-1216)

Updated packages for Ubuntu 5.10:

  Source archives:
      Size/MD5:   686817 844c710e0241ed745852ac7bae4ecb08
      Size/MD5:      849 208498491852b5bc14c16b86d672c958
      Size/MD5:  6526510 7974d0fc413802712998d5fc5eec2919

  Architecture independent packages:
      Size/MD5:   826204 bb72ee539ddf1e1c4695604ec4a0f9e5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   108316 5bea0546857833a1836ad6295142a80c
      Size/MD5:   221598 7b76829bac1a8fe8930c6df3b23f8b6f
      Size/MD5:    57842 dc1ae93fca67adbfec0779b45d3be7c9
      Size/MD5:   130752 f28cb736e8214cb0579e5973bcb7108f
      Size/MD5:    82896 d1f6c2576a7e64a7e1569ae7d474478d
      Size/MD5:    65436 60b2a21e967e47fce782102bdf73827e
      Size/MD5:   139102 0a1065691cac8529d6f82b22cbfe2477
      Size/MD5:   180650 738ffd9ad8e7f828694a1016f41f66a4
      Size/MD5:   649566 73da2d64499cd7d345d11690a92e5db4
      Size/MD5:   364414 3f5f1e03a9423651e88c7ab2a4b1e65e

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:    95780 1fd24ea021d252e3e1e19d6cdfd897d4
      Size/MD5:   187746 1884960f9dd261886e38cd8265389441
      Size/MD5:    52160 3fbdc516bcd61a6003d61952ca4cff3e
      Size/MD5:   117778 f336adcf9b28a00bcd94a81e9e6adb20
      Size/MD5:    73714 02045512c5452976362ccb1c7f99c427
      Size/MD5:    56878 c237bdcae4d27193eae17b5c562428a7
      Size/MD5:   126540 5a34afdb0f12a97760952ed5ec124260
      Size/MD5:   157134 1e9111b503cb504a274f7015d6688140
      Size/MD5:   540544 bc93879857377b388e3b393aa20cf26a
      Size/MD5:   329164 d35fd02fea44c1cdf67ec0482066b49d

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   109498 8cd9395bb8f6e3abcbbba1e5d9d94666
      Size/MD5:   220972 437277e765bdb86958199e42e5b498cc
      Size/MD5:    56868 752ac39dad7f02e0df3dec55dae6de09
      Size/MD5:   131972 e275879aeb637721976cc32078a91b20
      Size/MD5:    82772 3f13629c1727123077347839f1051b3a
      Size/MD5:    63814 c570d5849a6050faa21097c194c4ac7d
      Size/MD5:   145356 1e36f5759e528c2ed0fb9473c807957f
      Size/MD5:   167962 b00ec2e3c980f70df17c2bcda6073fcb
      Size/MD5:   622042 44a6ad9a9893321e25351db1804b284e
      Size/MD5:   342560 817fc11560adce8154e7a650b3a6d407

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:    98068 d580b5c3641c757843020af7f8488619
      Size/MD5:   198766 736024721754950d45a4a8e3a1c93762
      Size/MD5:    53928 5830f4a39c00ddc7eba7a4bc9f052136
      Size/MD5:   120620 7bc94264450bd7d3832fbbc2bd4303dc
      Size/MD5:    75048 e7bf910c190aa20dc0bacb3192a6904c
      Size/MD5:    60604 94d543d1ddbbc05e072ca80f3504afe0
      Size/MD5:   128858 c28d2991bd1c7acbe7d417f288ed885d
      Size/MD5:   156560 851bd2efcc1a53089a73a4e3c45cb2a9
      Size/MD5:   561276 05c2d8fbf938b9230a8cebedc4275956
      Size/MD5:   317266 945468c5b253ef0a76782bc924953370

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:  1450397 6d20a550994d48722a1335a2f59e6474
      Size/MD5:      848 890e45d6ecef05ee271bebcab9b7c8a3
      Size/MD5:  7279788 43fe621ecb849a83ee014dfb856c54af

  Architecture independent packages:
      Size/MD5:   852932 d757f2c55e0fbe0e2852fb05587b1d6f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:    79894 1858afd6a9c6e851592f847b6bd9997f
      Size/MD5:   222942 53e1af549a3adf6bc28782c6986dd6a0
      Size/MD5:    60078 d660a111cf828bdff5a1d09bf2f4d858
      Size/MD5:   134922 2ae04939b9ba26c795bc7250a7ddc11d
      Size/MD5:    84974 035db1ed6f2de612fcece6077e49fbe0
      Size/MD5:    67310 0b33252e7ce4a18bddc3044e705028a6
      Size/MD5:   129622 0a098d1e3d9b2cd7987081b2ba22129d
      Size/MD5:   190574 93682210ad2b587a61d8476461bf2386
      Size/MD5:   768428 3ebf4a0c90a903c27fde87fe776c22f1
      Size/MD5:   425414 e1d2434b60a75b2928d3f3b8af32716e

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:    71870 07f06a5c4ee97df068b55f677ed96ab0
      Size/MD5:   186942 6b444434a9218645a67e5e7f72a0d144
      Size/MD5:    54046 1d0a51117d3a7f26d34eb0db54a21d24
      Size/MD5:   121316 a0841074d87b12096b1e1f3fa363304c
      Size/MD5:    75632 c527733b2951c730bbf80e0f2766864d
      Size/MD5:    58434 e5d271c6513d6a358b95bad1f1da13fe
      Size/MD5:   118738 52498adc13664159ca11d109fb3ff7ef
      Size/MD5:   165362 3c40cdfc1b1688fb8469b60c7fa5d5fa
      Size/MD5:   646818 99f38f77d5698bfb3d1dc4ed606c9819
      Size/MD5:   380834 558b787aea1675498b9851a5e845b8f8

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:    79928 28699719511f1006564fae51ba800c0e
      Size/MD5:   220288 397e0b2cb077bd2a94275c59a53d8cc5
      Size/MD5:    59286 d1c208154c9e1164b1e73a0a33576865
      Size/MD5:   135782 7dd13578bbd8a72647cd6aa8a7ccc86d
      Size/MD5:    84834 f3d345ec2e1a2e8a68168edef207db59
      Size/MD5:    65698 2966d7b44aae7b7707890ae4b7c71e50
      Size/MD5:   134586 89e4dc1998c5309ff0610d152f8af728
      Size/MD5:   177336 56833715fec8ee7ecf340cecc3c052d1
      Size/MD5:   751614 4bd9979114a4c09d68843c180e5ba76d
      Size/MD5:   395634 d86ccfd5f9b3e22008a57e7d9992bac2

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:    72456 60f9aa95d236b8a10a58af541c80cf44
      Size/MD5:   197112 f13dcda2855f78ee5889ac11d1ce3f64
      Size/MD5:    56014 ea98fa07954225a7921074c9f8f3bc2e
      Size/MD5:   124104 a08ef476c3525685b0c13e32730f4f18
      Size/MD5:    76642 9827a52a49e7f1f0901e61b89ad6109e
      Size/MD5:    62052 4ef9333982851dff98a9926face3d7b5
      Size/MD5:   120302 ca4e8b9eccef6fcaa7be8d571a8cfdc9
      Size/MD5:   164884 4e5bb80668b4bcfc8dbf3dbb66edd882
      Size/MD5:   678170 b37b48fe044930e3673870a7bc0e21f1
      Size/MD5:   368416 88a65c366cefb5b08257663da40a3f2d

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:  1471472 903ddcb50fb53692b22079149aacf5b3
      Size/MD5:      883 46b26c7b5b3f2db133d3df3d76bbbd66
      Size/MD5:  7279788 43fe621ecb849a83ee014dfb856c54af

  Architecture independent packages:
      Size/MD5:   853686 6663e1951345b56bc62e06d4aa5355d9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:    81278 7612cf55c16966cc9d7cb18aac0a1cf9
      Size/MD5:   224148 31a5f6215bf49d58726bcd1c0bc3d2d2
      Size/MD5:    61348 f58d5bbc7fc16b4ec3b1270c9ee20adc
      Size/MD5:   138968 af1ae5276f5201707fcedba60b53a15a
      Size/MD5:    87158 3e10e610c8a7d16efe98e1d5f094b014
      Size/MD5:    67842 ceb59599f780644ea0c3850548539920
      Size/MD5:   130368 268dea87d9cc531658765c05590782c2
      Size/MD5:   190454 cc424b6df20e10cfb937509f92f1435b
      Size/MD5:  1073032 e39189e1301e7937ec4775baa7c3d628
      Size/MD5:   772238 75f5fb1e7789ef980c24629bb1693bdc
      Size/MD5:   427766 5291a6f4964f785833def3c252b191ba

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:    74982 8d32364b9e263b5f71549c988d4346fd
      Size/MD5:   196246 c88e2d433c357b54213f165264fa2aaf
      Size/MD5:    56852 94a47e63f9debd25d86710b1e5fa7064
      Size/MD5:   129292 27c00298d3552b72d213b738fc8614c8
      Size/MD5:    79810 04466ba4061e5bdd71bc7be31fd4f13c
      Size/MD5:    61644 6c1f86f05c923831d61a1e952506fe19
      Size/MD5:   121936 7fddcc69cc534f5bd356df611780a78f
      Size/MD5:   172740 7b8ebe4541cc1d4e4134fd4987e3c577
      Size/MD5:  1024590 de774301bac4884835e075523c4f6916
      Size/MD5:   672868 0491678bee83e1239d9ddd0a71e27059
      Size/MD5:   403908 92f76a9e22942f0198a9be729974d138

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:    81836 22b298de9b8fdf38ef9373f37ad03c80
      Size/MD5:   222908 be27c7a2248b6601bbd92a25cf305a75
      Size/MD5:    61548 b18ba0781f98cfe7e1e05cfb16ec9644
      Size/MD5:   141034 69321be2ce21afdd4127e72807e7c0e7
      Size/MD5:    87026 59f82e551cfdc4493e9f9bf2f4e67960
      Size/MD5:    66930 ca9b8411f1d2af0b1a768d937c0a6af2
      Size/MD5:   136584 dea2b1193d7dcf228a3f2689bd95fffc
      Size/MD5:   179776 48a1ab7e8cfa50d728a0859f0a5ccdf7
      Size/MD5:  1076490 27b2dd0192e6522c8315a455f2e7ed45
      Size/MD5:   758110 d4f3f6d75e51f02610bf0d0e7a22926f
      Size/MD5:   398844 5ef9560f68e612334c079df3e2edad01

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:    74868 2e4e528ee133619557f8aec8e0c8b2b0
      Size/MD5:   203426 3127eff82089a90ea6b6d9ab07f39c81
      Size/MD5:    58702 ab54c651f3535aba1d4d307a54057015
      Size/MD5:   129440 e0be22f0d22c2fc6c26725ef634d891d
      Size/MD5:    80142 05b050efadcbe4d7cd33810ca55106ba
      Size/MD5:    63328 b5d305b8ec322ab792612a14f78393bc
      Size/MD5:   122470 ac88d8e54928ac6ade0946bc4416274d
      Size/MD5:   166838 f76d132583314a6c4877fd4a92ba5272
      Size/MD5:   957544 e053bf04b77ca1ef3335f3c1eb2142ba
      Size/MD5:   684894 75f0f29d320ed4e4d04c717d556f88ed
      Size/MD5:   373794 bd4b61b5e9ab39a1e0ea1e9e8465278a

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Ottawa Linux Symposium: May get by with a little help from its friends
Black Hat 2014: How to crack just about everything
NSA Playset, 911 hacked and war cats: A wild ride at DEF CON 22
More Details of Onion/Critroni Crypto Ransomware Emerge
Is there Another NSA Leaker? Updated
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.