Ubuntu Security Notice: Kerberos Vulnerability

The Ubuntu development team announced yesterday a security vulnerability in the Kerberos packages. The team discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. As a result, an unauthenticated remote user could send a specially crafted request and execute arbitrary code with root privileges. The security issue affects the following Ubuntu releases:

  • Ubuntu 6.06 LTS (Dapper Drake)
  • Ubuntu 6.10 (Edgy Eft)
  • Ubuntu 7.04 (Feisty Fawn)

It also applies to the corresponding versions of the Kubuntu, Edubuntu and Xubuntu distributions.

The best way to fix this security issue is to upgrade your system to the following package versions:

For Ubuntu 6.06 LTS:

  • libkadm55 1.4.3-5ubuntu0.5
  • librpcsecgss1 0.7-0ubuntu1.1

For Ubuntu 6.10:

  • libkadm55 1.4.3-9ubuntu1.4
  • librpcsecgss2 0.13-2ubuntu0.1

For Ubuntu 7.04:

  • libkadm55 1.4.4-5ubuntu3.2
  • librpcsecgss3 0.14-2ubuntu1.1
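
To confirm that a host is at or above the fixed versions, the check below compares installed package versions with the ones listed above, using Debian's version ordering. It is an added example, not part of the original notice: the helper names and the sample listing are constructed for illustration, and the input is assumed to be "package version" lines such as `dpkg-query -W -f='${Package} ${Version}\n'` prints.

```python
import re
from itertools import zip_longest

# Fixed versions per release, copied from the notice above.
FIXED = {
    "6.06": {"libkadm55": "1.4.3-5ubuntu0.5", "librpcsecgss1": "0.7-0ubuntu1.1"},
    "6.10": {"libkadm55": "1.4.3-9ubuntu1.4", "librpcsecgss2": "0.13-2ubuntu0.1"},
    "7.04": {"libkadm55": "1.4.4-5ubuntu3.2", "librpcsecgss3": "0.14-2ubuntu1.1"},
}

def _order(c):
    # dpkg ordering: '~' < end of string < letters < other punctuation.
    return 0 if not c else -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs, as dpkg does.
    runs_a, runs_b = (re.findall(r"(\D*)(\d*)", s) for s in (a, b))
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, revision = rest.rpartition("-")
    return (int(epoch), upstream, revision) if sep else (int(epoch), rest, "")

def deb_compare(a, b):
    """Return -1, 0 or 1 as Debian version a sorts before, equal to or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(release, listing):
    """Return (package, installed, fixed) for packages still below the fix."""
    stale = []
    for line in listing.splitlines():
        fields = line.split()
        fixed = FIXED[release].get(fields[0]) if len(fields) == 2 else None
        if fixed and deb_compare(fields[1], fixed) < 0:
            stale.append((fields[0], fields[1], fixed))
    return stale

# Constructed sample listing (installed versions are made up for the example).
SAMPLE = "libkadm55 1.4.3-5ubuntu0.4\nlibrpcsecgss1 0.7-0ubuntu1.1\nlibc6 2.3.6-0ubuntu20\n"
```

`audit("6.06", SAMPLE)` reports `libkadm55` as still below the fixed version; an empty list means every listed package is at or above it.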

Source: USN-511-1: Kerberos vulnerability | Ubuntu

