1. Ubuntu Security Notices
  2. USN-408-1

USN-408-1: krb5 vulnerability

Publication date

16 January 2007

Overview

krb5 vulnerability

Releases

Details

The server-side portion of Kerberos’ RPC library had a memory
management flaw which allowed users of that library to call a function
pointer located in unallocated memory. By doing specially crafted
calls to the kadmind server, a remote attacker could exploit this to
execute arbitrary code with root privileges on the target computer.

The server-side portion of Kerberos’ RPC library had a memory
management flaw which allowed users of that library to call a function
pointer located in unallocated memory. By doing specially crafted
calls to the kadmind server, a remote attacker could exploit this to
execute arbitrary code with root privileges on the target computer.

Update instructions

In general, a standard system upgrade is sufficient to effect the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
6.10 edgy libkrb53 –  1.4.3-9ubuntu1.1
libkadm55 –  1.4.3-9ubuntu1.1
6.06 dapper libkrb53 –  1.4.3-5ubuntu0.2
libkadm55 –  1.4.3-5ubuntu0.2

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›