Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 18.04 LTS USN-6467-1 Critical: krb5 Denial of Service Risk

ubuntu
Calendar Grey November 1, 2023
Dist Ubuntu Esm H88
A vulnerability in Kerberos on Ubuntu can lead to system instability when processing malformed packets. It is crucial to apply updates immediately to address this critical concern.
Kerberos could be made to crash if it received specially crafted network traffic.

Summary

Kerberos could be made to crash if it received specially crafted

network traffic.

Software Description:

- krb5: MIT Kerberos Network Authentication Protocol

Details:

Robert Morris discovered that Kerberos did not properly handle memory

access when processing RPC data through kadmind, which could lead to the

freeing of uninitialized memory. An authenticated remote attacker could

possibly use this issue to cause kadmind to crash, resulting in a denial

of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
krb5-admin-server 1.16-2ubuntu0.4+esm1
krb5-kdc 1.16-2ubuntu0.4+esm1
krb5-kdc-ldap 1.16-2ubuntu0.4+esm1
krb5-otp 1.16-2ubuntu0.4+esm1
krb5-pkinit 1.16-2ubuntu0.4+esm1
krb5-user 1.16-2ubuntu0.4+esm1
libgssapi-krb5-2 1.16-2ubuntu0.4+esm1
libgssrpc4 1.16-2ubuntu0.4+esm1
libk5crypto3 1.16-2ubuntu0.4+esm1
libkadm5clnt-mit11 1.16-2ubuntu0.4+esm1
libkadm5srv-mit11 1.16-2ubuntu0.4+esm1
libkdb5-9 1.16-2ubuntu0.4+esm1
libkrad0 1.16-2ubuntu0.4+esm1
libkrb5-3 1.16-2ubuntu0.4+esm1
libkrb5support0 1.16-2ubuntu0.4+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
krb5-admin-server 1.13.2+dfsg-5ubuntu2.2+esm4
krb5-kdc 1.13.2+dfsg-5ubuntu2.2+esm4
krb5-kdc-ldap 1.13.2+dfsg-5ubuntu2.2+esm4
krb5-otp 1.13.2+dfsg-5ubuntu2.2+esm4
krb5-pkinit 1.13.2+dfsg-5ubuntu2.2+esm4
krb5-user 1.13.2+dfsg-5ubuntu2.2+esm4
libgssapi-krb5-2 1.13.2+dfsg-5ubuntu2.2+esm4
libgssrpc4 1.13.2+dfsg-5ubuntu2.2+esm4
libk5crypto3 1.13.2+dfsg-5ubuntu2.2+esm4
libkadm5clnt-mit9 1.13.2+dfsg-5ubuntu2.2+esm4
libkadm5srv-mit9 1.13.2+dfsg-5ubuntu2.2+esm4
libkdb5-8 1.13.2+dfsg-5ubuntu2.2+esm4
libkrad0 1.13.2+dfsg-5ubuntu2.2+esm4
libkrb5-3 1.13.2+dfsg-5ubuntu2.2+esm4
libkrb5support0 1.13.2+dfsg-5ubuntu2.2+esm4

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
krb5-admin-server 1.12+dfsg-2ubuntu5.4+esm4
krb5-kdc 1.12+dfsg-2ubuntu5.4+esm4
krb5-kdc-ldap 1.12+dfsg-2ubuntu5.4+esm4
krb5-otp 1.12+dfsg-2ubuntu5.4+esm4
krb5-pkinit 1.12+dfsg-2ubuntu5.4+esm4
krb5-user 1.12+dfsg-2ubuntu5.4+esm4
libgssapi-krb5-2 1.12+dfsg-2ubuntu5.4+esm4
libgssrpc4 1.12+dfsg-2ubuntu5.4+esm4
libk5crypto3 1.12+dfsg-2ubuntu5.4+esm4
libkadm5clnt-mit9 1.12+dfsg-2ubuntu5.4+esm4
libkadm5srv-mit8 1.12+dfsg-2ubuntu5.4+esm4
libkadm5srv-mit9 1.12+dfsg-2ubuntu5.4+esm4
libkdb5-7 1.12+dfsg-2ubuntu5.4+esm4
libkrad0 1.12+dfsg-2ubuntu5.4+esm4
libkrb5-3 1.12+dfsg-2ubuntu5.4+esm4
libkrb5support0 1.12+dfsg-2ubuntu5.4+esm4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6467-1

CVE-2023-36054

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6467-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here