Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1233-1
Solution
Please Install the Updated Packages.
Insight
Nalin Dahyabhai, Andrej Ota and Kyle Moffett discovered a NULL pointer dereference in the KDC LDAP backend. An unauthenticated remote attacker could use this to cause a denial of service. This issue affected Ubuntu 11.10. (CVE-2011-1527)
Mark Deneen discovered that an assert() could be triggered in the krb5_ldap_lockout_audit() function in the KDC LDAP backend and the krb5_db2_lockout_audit() function in the KDC DB2 backend. An unauthenticated remote attacker could use this to cause a denial of service. (CVE-2011-1528)
It was discovered that a NULL pointer dereference could occur in the lookup_lockout_policy() function in the KDC LDAP and DB2 backends.
An unauthenticated remote attacker could use this to cause a denial of service. (CVE-2011-1529)
Affected
krb5 on Ubuntu 11.04 ,
Ubuntu 10.10 ,
Ubuntu 10.04 LTS
Severity
Classification
-
CVE CVE-2011-1527, CVE-2011-1528, CVE-2011-1529 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities