Ubuntu 9.10 : krb5 vulnerabilities (USN-916-1)

Ubuntu Security Notice (C) 2010-2013 Canonical, Inc. / NASL script (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Emmanuel Bouillon discovered that Kerberos did not correctly handle
certain message types. An unauthenticated remote attacker could send
specially crafted traffic to cause the KDC to crash, leading to a
denial of service. (CVE-2010-0283)

Nalin Dahyabhai, Jan iankko Lieskovsky, and Zbysek Mraz discovered
that Kerberos did not correctly handle certain GSS packets. An
unauthenticated remote attacker could send specially crafted traffic
that would cause services using GSS-API to crash, leading to a denial
of service. (CVE-2010-0628).

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 65122 ()

Bugtraq ID: 38260

CVE ID: CVE-2010-0283
CVE-2010-0628