Ubuntu Security Notice (C) 2005-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
Gaï¿½Delalleau discovered a buffer overflow in the env_opt_add()
function of the Kerberos 4 and 5 telnet clients. By sending specially
crafted replies, a malicious telnet server could exploit this to
execute arbitrary code with the privileges of the user running the
telnet client. (CVE-2005-0468)
Gaï¿½Delalleau discovered a buffer overflow in the handling of the
LINEMODE suboptions in the telnet clients of Kerberos 4 and 5. By
sending a specially constructed reply containing a large number of SLC
(Set Local Character) commands, a remote attacker (i. e. a malicious
telnet server) could execute arbitrary commands with the privileges of
the user running the telnet client. (CVE-2005-0469)
Daniel Wachdorf discovered two remote vulnerabilities in the Key
Distribution Center of Kerberos 5 (krb5-kdc). By sending certain TCP
connection requests, a remote attacker could trigger a double-freeing
of memory, which led to memory corruption and a crash of the KDC
server. (CVE-2005-1174). Under rare circumstances the same type of TCP
connection requests could also trigger a buffer overflow that could be
exploited to run arbitrary code with the privileges of the KDC server.
Magnus Hagander discovered that the krb5_recvauth() function attempted
to free previously freed memory in some situations. A remote attacker
could possibly exploit this to run arbitrary code with the privileges
of the program that called this function. Most imporantly, this
affects the following daemons: kpropd (from the krb5-kdc package),
klogind, and kshd (both from the krb5-rsh-server package).
Please note that these packages are not officially supported by Ubuntu
(they are in the 'universe' component of the archive).
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5