Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu 14.10 Vulnerability Advisory: Moderate Kerberos Issues

ubuntu
Calendar Grey February 10, 2015
Dist Ubuntu Esm H88
Numerous krb5 vulnerabilities addressed in Ubuntu. Guidance for updating shared for impacted versions.
Several security issues were fixed in Kerberos.

Summary

Several security issues were fixed in Kerberos.

Software Description:

- krb5: MIT Kerberos Network Authentication Protocol

Details:

It was discovered that Kerberos incorrectly sent old keys in response to a

-randkey -keepold request. An authenticated remote attacker could use this

issue to forge tickets by leveraging administrative access. This issue

only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.

(CVE-2014-5351)

It was discovered that the libgssapi_krb5 library incorrectly processed

security context handles. A remote attacker could use this issue to cause

a denial of service, or possibly execute arbitrary code. (CVE-2014-5352)

Patrik Kis discovered that Kerberos incorrectly handled LDAP queries with

no results. An authenticated remote attacker could use this issue to cause

the KDC to crash, resulting in a denial of service. (CVE-2014-5353)

It was discovered that Kerberos incorrectly handled creating database

entries for a keyless...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  krb5-admin-server               1.12.1+dfsg-10ubuntu0.1
  krb5-kdc                        1.12.1+dfsg-10ubuntu0.1
  krb5-kdc-ldap                   1.12.1+dfsg-10ubuntu0.1
  krb5-otp                        1.12.1+dfsg-10ubuntu0.1
  krb5-pkinit                     1.12.1+dfsg-10ubuntu0.1
  krb5-user                       1.12.1+dfsg-10ubuntu0.1
  libgssapi-krb5-2                1.12.1+dfsg-10ubuntu0.1
  libgssrpc4                      1.12.1+dfsg-10ubuntu0.1
  libk5crypto3                    1.12.1+dfsg-10ubuntu0.1
  libkadm5clnt-mit9               1.12.1+dfsg-10ubuntu0.1
  libkadm5srv-mit9                1.12.1+dfsg-10ubuntu0.1
  libkdb5-7                       1.12.1+dfsg-10ubuntu0.1
  libkrad0                        1.12.1+dfsg-10ubuntu0.1
  libkrb5-3                       1.12.1+dfsg-10ubuntu0.1
  libkrb5support0                 1.12.1+dfsg-10ubuntu0.1

Ubuntu 14.04 LTS:
  krb5-admin-server               1.12+dfsg-2ubuntu5.1
  krb5-kdc                        1.12+dfsg-2ubuntu5.1
  krb5-kdc-ldap                   1.12+dfsg-2ubuntu5.1
  krb5-otp                        1.12+dfsg-2ubuntu5.1
  krb5-pkinit                     1.12+dfsg-2ubuntu5.1
  krb5-user                       1.12+dfsg-2ubuntu5.1
  libgssapi-krb5-2                1.12+dfsg-2ubuntu5.1
  libgssrpc4                      1.12+dfsg-2ubuntu5.1
  libk5crypto3                    1.12+dfsg-2ubuntu5.1
  libkadm5clnt-mit9               1.12+dfsg-2ubuntu5.1
  libkadm5srv-mit8                1.12+dfsg-2ubuntu5.1
  libkadm5srv-mit9                1.12+dfsg-2ubuntu5.1
  libkdb5-7                       1.12+dfsg-2ubuntu5.1
  libkrad0                        1.12+dfsg-2ubuntu5.1
  libkrb5-3                       1.12+dfsg-2ubuntu5.1
  libkrb5support0                 1.12+dfsg-2ubuntu5.1

Ubuntu 12.04 LTS:
  krb5-admin-server               1.10+dfsg~beta1-2ubuntu0.6
  krb5-kdc                        1.10+dfsg~beta1-2ubuntu0.6
  krb5-kdc-ldap                   1.10+dfsg~beta1-2ubuntu0.6
  krb5-pkinit                     1.10+dfsg~beta1-2ubuntu0.6
  krb5-user                       1.10+dfsg~beta1-2ubuntu0.6
  libgssapi-krb5-2                1.10+dfsg~beta1-2ubuntu0.6
  libgssrpc4                      1.10+dfsg~beta1-2ubuntu0.6
  libk5crypto3                    1.10+dfsg~beta1-2ubuntu0.6
  libkadm5clnt-mit8               1.10+dfsg~beta1-2ubuntu0.6
  libkadm5srv-mit8                1.10+dfsg~beta1-2ubuntu0.6
  libkdb5-6                       1.10+dfsg~beta1-2ubuntu0.6
  libkrb5-3                       1.10+dfsg~beta1-2ubuntu0.6
  libkrb53                        1.10+dfsg~beta1-2ubuntu0.6
  libkrb5support0                 1.10+dfsg~beta1-2ubuntu0.6

Ubuntu 10.04 LTS:
  krb5-admin-server               1.8.1+dfsg-2ubuntu0.14
  krb5-kdc                        1.8.1+dfsg-2ubuntu0.14
  krb5-kdc-ldap                   1.8.1+dfsg-2ubuntu0.14
  krb5-pkinit                     1.8.1+dfsg-2ubuntu0.14
  krb5-user                       1.8.1+dfsg-2ubuntu0.14
  libgssapi-krb5-2                1.8.1+dfsg-2ubuntu0.14
  libgssrpc4                      1.8.1+dfsg-2ubuntu0.14
  libk5crypto3                    1.8.1+dfsg-2ubuntu0.14
  libkadm5clnt-mit7               1.8.1+dfsg-2ubuntu0.14
  libkadm5srv-mit7                1.8.1+dfsg-2ubuntu0.14
  libkdb5-4                       1.8.1+dfsg-2ubuntu0.14
  libkrb5-3                       1.8.1+dfsg-2ubuntu0.14
  libkrb5support0                 1.8.1+dfsg-2ubuntu0.14

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2498-1

CVE-2014-5351, CVE-2014-5352, CVE-2014-5353, CVE-2014-5354,

CVE-2014-9421, CVE-2014-9422, CVE-2014-9423

Severity
medium
Lowest
Low
Medium
High
Critical

February 10, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.