Ubuntu Security Notice (C) 2007-2016 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related
Wei Wang discovered that the krb5 RPC library did not correctly handle
certain error conditions. A remote attacker could cause kadmind to
free an uninitialized pointer, leading to a denial of service or
possibly execution of arbitrary code with root privileges.
Wei Wang discovered that the krb5 RPC library did not correctly check
the size of certain communications. A remote attacker could send a
specially crafted request to kadmind and execute arbitrary code with
root privileges. (CVE-2007-2443)
It was discovered that the kadmind service could be made to overflow
its stack. A remote attacker could send a specially crafted request
and execute arbitrary code with root privileges. (CVE-2007-2798).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Update the affected packages.
Risk factor :
High / CVSS Base Score : 9.3