Ubuntu Update For Krb5 Vulnerabilities USN-477-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-477-1

Solution

Please Install the Updated Packages.

Insight

Wei Wang discovered that the krb5 RPC library did not correctly handle certain error conditions. A remote attacker could cause kadmind to free an uninitialized pointer, leading to a denial of service or possibly execution of arbitrary code with root privileges. (CVE-2007-2442) Wei Wang discovered that the krb5 RPC library did not correctly check the size of certain communications. A remote attacker could send a specially crafted request to kadmind and execute arbitrary code with root privileges. (CVE-2007-2443) It was discovered that the kadmind service could be made to overflow its stack. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges. (CVE-2007-2798)

Affected

krb5 vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 6.10 , Ubuntu 7.04

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-June/000550.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-2442, CVE-2007-2443, CVE-2007-2798

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for krb5 vulnerabilities USN-477-1

Take action and discover your vulnerabilities