Ubuntu Update For Krb5 Vulnerabilities USN-449-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-449-1

Solution

Please Install the Updated Packages.

Insight

The krb5 telnet service did not appropriately verify user names. A remote attacker could log in as the root user by requesting a specially crafted user name. (CVE-2007-0956) The krb5 syslog library did not correctly verify the size of log messages. A remote attacker could send a specially crafted message and execute arbitrary code with root privileges. (CVE-2007-0957) The krb5 administration service was vulnerable to a double-free in the GSS RPC library. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges. (CVE-2007-1216)

Affected

krb5 vulnerabilities on Ubuntu 5.10 , Ubuntu 6.06 LTS , Ubuntu 6.10

Severity

Classification

CVE CVE-2007-0956, CVE-2007-0957, CVE-2007-1216

CVSS	Base Score: 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update USN-930-2
Ubuntu Update for djvulibre USN-2056-1
Ubuntu Update for bind9 vulnerability USN-1070-1
Ubuntu Update for evince vulnerabilities USN-1035-1
Ubuntu Update for bind9 USN-1910-1

Ubuntu Update for krb5 vulnerabilities USN-449-1

Take action and discover your vulnerabilities