USN-408-1: krb5 vulnerability

Ubuntu Security Notice USN-408-1

15th January, 2007

krb5 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.10
  • Ubuntu 6.06 LTS


The server-side portion of Kerberos' RPC library had a memory
management flaw which allowed users of that library to call a function
pointer located in unallocated memory. By doing specially crafted
calls to the kadmind server, a remote attacker could exploit this to
execute arbitrary code with root privileges on the target computer.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 6.10:
libkrb53 1.4.3-9ubuntu1.1
libkadm55 1.4.3-9ubuntu1.1
Ubuntu 6.06 LTS:
libkrb53 1.4.3-5ubuntu0.2
libkadm55 1.4.3-5ubuntu0.2

To update your system, please follow these instructions:

In general, a standard system upgrade is sufficient to effect the
necessary changes.