Ubuntu 6.06 LTS / 6.10 / 7.04 : krb5 vulnerabilities (USN-477-1)

Ubuntu Security Notice (C) 2007-2016 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

Wei Wang discovered that the krb5 RPC library did not correctly handle
certain error conditions. A remote attacker could cause kadmind to
free an uninitialized pointer, leading to a denial of service or
possibly execution of arbitrary code with root privileges.
(CVE-2007-2442)

Wei Wang discovered that the krb5 RPC library did not correctly check
the size of certain communications. A remote attacker could send a
specially crafted request to kadmind and execute arbitrary code with
root privileges. (CVE-2007-2443)

It was discovered that the kadmind service could be made to overflow
its stack. A remote attacker could send a specially crafted request
and execute arbitrary code with root privileges. (CVE-2007-2798).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 28078 ()

Bugtraq ID:

CVE ID: CVE-2007-2442
CVE-2007-2443
CVE-2007-2798

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial