Ubuntu Security Notice: Kerberos Vulnerability

The Ubuntu development team announced yesterday a security vulnerability in the Kerberos packages. The team discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. As a result, an unauthenticated remote attacker could send a specially crafted request and execute arbitrary code with root privileges. The issue affects the following Ubuntu releases:

  • Ubuntu 6.06 LTS (Dapper Drake)
  • Ubuntu 6.10 (Edgy Eft)
  • Ubuntu 7.04 (Feisty Fawn)

The same issue also applies to the corresponding versions of Kubuntu, Edubuntu and Xubuntu.

The best way to fix this security issue is to upgrade your system to the following package versions:

For Ubuntu 6.06 LTS:

  • libkadm55 1.4.3-5ubuntu0.5
  • librpcsecgss1 0.7-0ubuntu1.1

For Ubuntu 6.10:

  • libkadm55 1.4.3-9ubuntu1.4
  • librpcsecgss2 0.13-2ubuntu0.1

For Ubuntu 7.04:

  • libkadm55 1.4.4-5ubuntu3.2
  • librpcsecgss3 0.14-2ubuntu1.1

Source: USN-511-1: Kerberos vulnerability | Ubuntu