USN-1062-1: Kerberos vulnerabilities

15 February 2011

krb5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 8.04 LTS

Summary

Software Description

  • krb5

Details

Keiichi Mori discovered that the MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a denial of service attack because of incorrect logic in how it handles a worker child process that exits after receiving invalid network input. This could only occur when kpropd is running in standalone mode; kpropd was not affected when running in incremental propagation mode (“iprop”) or as an inetd server. This issue only affects Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu 10.10. (CVE-2010-4022)

Kevin Longfellow and others discovered that the MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks when using an LDAP back end due to improper handling of network input. (CVE-2011-0281, CVE-2011-0282)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10
  • krb5-kdc - 1.8.1+dfsg-5ubuntu0.4
  • krb5-kdc-ldap - 1.8.1+dfsg-5ubuntu0.4

Ubuntu 10.04 LTS
  • krb5-kdc - 1.8.1+dfsg-2ubuntu0.6
  • krb5-kdc-ldap - 1.8.1+dfsg-2ubuntu0.6

Ubuntu 9.10
  • krb5-kdc - 1.7dfsg~beta3-1ubuntu0.9
  • krb5-kdc-ldap - 1.7dfsg~beta3-1ubuntu0.9

Ubuntu 8.04 LTS
  • krb5-kdc - 1.6.dfsg.3~beta1-2ubuntu1.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.
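As an added example (not part of this notice or of the krb5 packages), the following Python port of dpkg's version-comparison rules lets an administrator check the version that `dpkg-query -W -f '${Version}' krb5-kdc` reports against the fixed versions listed above without shelling out to dpkg; the FIXED table carries the versions from this notice, and the `~` rule is what makes the 9.10 and 8.04 pre-release-style versions compare correctly.

```python
FIXED = {  # release -> package -> fixed version, as listed in USN-1062-1
    "10.10": {"krb5-kdc": "1.8.1+dfsg-5ubuntu0.4", "krb5-kdc-ldap": "1.8.1+dfsg-5ubuntu0.4"},
    "10.04": {"krb5-kdc": "1.8.1+dfsg-2ubuntu0.6", "krb5-kdc-ldap": "1.8.1+dfsg-2ubuntu0.6"},
    "9.10": {"krb5-kdc": "1.7dfsg~beta3-1ubuntu0.9", "krb5-kdc-ldap": "1.7dfsg~beta3-1ubuntu0.9"},
    "8.04": {"krb5-kdc": "1.6.dfsg.3~beta1-2ubuntu1.8"},
}

def _order(s, i):
    # dpkg weight of one character: end-of-string/digit 0, '~' before everything, letters, then punctuation
    if i >= len(s) or s[i].isdigit():
        return 0
    return -1 if s[i] == "~" else ord(s[i]) if s[i].isalpha() else ord(s[i]) + 256

def _verrevcmp(a, b):
    # Port of dpkg's verrevcmp(): alternate non-digit runs (per character) and digit runs (numeric)
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            if _order(a, i) != _order(b, j):
                return _order(a, i) - _order(b, j)
            i, j = i + 1, j + 1
        while i < len(a) and a[i] == "0":  # leading zeros do not count
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            first_diff = first_diff or ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if i < len(a) and a[i].isdigit():  # longer digit run wins
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0

def compare_versions(a, b):
    """Negative if a < b, 0 if equal, positive if a > b (same ordering as dpkg --compare-versions)."""
    def split(v):  # -> (epoch, upstream_version, debian_revision)
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, dash, revision = rest.rpartition("-")
        return int(epoch), (upstream if dash else revision), (revision if dash else "")
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea - eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)

def is_patched(release, package, installed):
    """True if the installed version is at or above the one this notice lists for the release."""
    return compare_versions(installed, FIXED[release][package]) >= 0
```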

References