Ubuntu 8.04 LTS / 8.10 / 9.04 : krb5 vulnerabilities (USN-924-1)

Ubuntu Security Notice (C) 2010-2013 Canonical, Inc. / NASL script (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Sol Jerome discovered that the Kerberos kadmind service did not
correctly free memory. An unauthenticated remote attacker could send
specially crafted traffic to crash the kadmind process, leading to a
denial of service. (CVE-2010-0629)

It was discovered that Kerberos did not correctly free memory in the
GSSAPI library. If a remote attacker were able to manipulate an
application using GSSAPI carefully, the service could crash, leading
to a denial of service. (Ubuntu 8.10 was not affected.)
(CVE-2007-5901, CVE-2007-5971)

It was discovered that Kerberos did not correctly free memory in the
GSSAPI and kdb libraries. If a remote attacker were able to manipulate
an application using these libraries carefully, the service could
crash, leading to a denial of service. (Only Ubuntu 8.04 LTS was
affected.) (CVE-2007-5902, CVE-2007-5972).

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 65123 ()

Bugtraq ID:

CVE ID: CVE-2007-5901
CVE-2007-5902
CVE-2007-5971
CVE-2007-5972
CVE-2010-0629