USN-408-1: krb5 vulnerability

16 January 2007


A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.10
  • Ubuntu 6.06 LTS

Software Description


The server-side portion of Kerberos’ RPC library had a memory management flaw that allowed users of that library to call a function pointer located in unallocated memory. By making specially crafted calls to the kadmind server, a remote attacker could exploit this to execute arbitrary code with root privileges on the target computer.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.10:

  • libkadm55 - 1.4.3-9ubuntu1.1
  • libkrb53 - 1.4.3-9ubuntu1.1

Ubuntu 6.06 LTS:

  • libkadm55 - 1.4.3-5ubuntu0.2
  • libkrb53 - 1.4.3-5ubuntu0.2

To update your system, please follow these instructions:

In general, a standard system upgrade is sufficient to effect the necessary changes.