Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Ubuntu 10.10/10.04 LTS: USN-1116-1 Critical DoS Due to Kerberos Issue

Calendar Apr 19, 2011 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory DoS Ubuntu attack krb5
An unauthenticated remote user could crash the Kerberos service. 
=========================================================================Ubuntu Security Notice USN-1116-1
April 19, 2011

krb5 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10

Summary:

An unauthenticated remote user could crash the Kerberos service.

Software Description:
- krb5: MIT Kerberos services

Details:

Felipe Ortega discovered that kadmind did not correctly handle password
changing error conditions. An unauthenticated remote attacker could exploit
this to crash kadmind, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
  krb5-admin-server               1.8.1+dfsg-5ubuntu0.7

Ubuntu 10.04 LTS:
  krb5-admin-server               1.8.1+dfsg-2ubuntu0.9

Ubuntu 9.10:
  krb5-admin-server               1.7dfsg~beta3-1ubuntu0.13

In general, a standard system update will make all the necessary changes.

References:
  CVE-2011-0285

Package Information:
  https://launchpad.net/ubuntu/+source/krb5/1.8.1+dfsg-5ubuntu0.7
  https://launchpad.net/ubuntu/+source/krb5/1.8.1+dfsg-2ubuntu0.9
  https://launchpad.net/ubuntu/+source/krb5/1.7dfsg~beta3-1ubuntu0.13

Ubuntu 10.10/10.04 LTS: USN-1116-1 Critical DoS Due to Kerberos Issue

ubuntu
Calendar Grey April 19, 2011
Dist Ubuntu Esm H88
An exploit in the Kerberos system of Ubuntu can lead to service disruption for users. Information regarding the patch has been provided.
An unauthenticated remote user could crash the Kerberos service.

Summary

Topics%20covered

Topics Covered

security advisory DoS Ubuntu attack krb5

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 10.10: krb5-admin-server 1.8.1+dfsg-5ubuntu0.7 Ubuntu 10.04 LTS: krb5-admin-server 1.8.1+dfsg-2ubuntu0.9 Ubuntu 9.10: krb5-admin-server 1.7dfsg~beta3-1ubuntu0.13 In general, a standard system update will make all the necessary changes.

References

CVE-2011-0285

Severity
critical
Lowest
Low
Medium
High
Critical

April 19, 2011

Topics%20covered

Topics Covered

security advisory DoS Ubuntu attack krb5

Package Information

https://launchpad.net/ubuntu/+source/krb5/1.8.1+dfsg-5ubuntu0.7 https://launchpad.net/ubuntu/+source/krb5/1.8.1+dfsg-2ubuntu0.9 https://launchpad.net/ubuntu/+source/krb5/1.7dfsg~beta3-1ubuntu0.13

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here