Summary
Ubuntu Update for Linux kernel vulnerabilities USN-449-1
Solution
Please install the updated packages.
Insight
The krb5 telnet service did not appropriately verify user names. A remote attacker could log in as the root user by requesting a specially crafted user name. (CVE-2007-0956)
The krb5 syslog library did not correctly verify the size of log messages. A remote attacker could send a specially crafted message and execute arbitrary code with root privileges. (CVE-2007-0957)
The krb5 administration service was vulnerable to a double-free in the GSS RPC library. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges. (CVE-2007-1216)
Affected
krb5 vulnerabilities on Ubuntu 5.10, Ubuntu 6.06 LTS, Ubuntu 6.10
Severity
Classification
CVE: CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
Related Vulnerabilities
- Ubuntu Update for bind9 vulnerabilities USN-418-1
- Ubuntu Update for evince vulnerabilities USN-1035-1
- Ubuntu Update for clamav vulnerabilities USN-1031-1
- Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update USN-930-2
- Ubuntu Update for bsd-mailx USN-2455-1