Description:
The remote host is missing an update to krb5 announced via advisory USN-224-1.
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
kerberos4kth-clients, krb5-clients, krb5-kdc, krb5-rsh-server, krb5-telnetd
Gaël Delalleau discovered a buffer overflow in the env_opt_add() function of the Kerberos 4 and 5 telnet clients. By sending specially crafted replies, a malicious telnet server could exploit this to execute arbitrary code with the privileges of the user running the telnet client. (CVE-2005-0468)
Gaël Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in the telnet clients of Kerberos 4 and 5. By sending a specially constructed reply containing a large number of SLC (Set Local Character) commands, a remote attacker (i.e. a malicious telnet server) could execute arbitrary commands with the privileges of the user running the telnet client. (CVE-2005-0469)
Daniel Wachdorf discovered two remote vulnerabilities in the Key Distribution Center of Kerberos 5 (krb5-kdc). By sending certain TCP connection requests, a remote attacker could trigger a double-freeing of memory, which led to memory corruption and a crash of the KDC server. (CVE-2005-1174) Under rare circumstances the same type of TCP connection requests could also trigger a buffer overflow that could be exploited to run arbitrary code with the privileges of the KDC server. (CVE-2005-1175)
Magnus Hagander discovered that the krb5_recvauth() function attempted to free previously freed memory in some situations. A remote attacker could possibly exploit this to run arbitrary code with the privileges of the program that called this function. Most importantly, this affects the following daemons: kpropd (from the krb5-kdc package), klogind, and kshd (both from the krb5-rsh-server package). (CVE-2005-1689)
Please note that these packages are not officially supported by Ubuntu (they are in the 'universe' component of the archive).
Solution: On Ubuntu 4.10, the problem can be corrected by upgrading the affected package to version 1.2.2-10ubuntu0.1 (kerberos4kth-clients), and 1.3.4-3ubuntu0.2 (krb5-clients, krb5-kdc, krb5-rsh-server, krb5-telnetd).
On Ubuntu 5.04, the problem can be corrected by upgrading the affected package to version 1.2.2-10ubuntu0.1 (kerberos4kth-clients), and 1.3.6-1ubuntu0.1 (krb5-clients, krb5-kdc, krb5-rsh-server, krb5-telnetd).
In general, a standard system upgrade is sufficient to effect the necessary changes.
https://secure1.securityspace.com/smysecure/catid.html?in=USN-224-1
Risk factor: High
CVSS Score: 7.5