USN-881-1: Kerberos vulnerability


 

Referenced CVEs:
CVE-2009-4212


Description:
===========================================================
Ubuntu Security Notice USN-881-1           January 12, 2010
krb5 vulnerability
CVE-2009-4212
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libkrb53        1.4.3-5ubuntu0.10

Ubuntu 8.04 LTS:
  libkrb53        1.6.dfsg.3~beta1-2ubuntu1.3

Ubuntu 8.10:
  libkrb53        1.6.dfsg.4~beta1-3ubuntu0.3

Ubuntu 9.04:
  libkrb53        1.6.dfsg.4~beta1-5ubuntu2.2

Ubuntu 9.10:
  libk5crypto3    1.7dfsg~beta3-1ubuntu0.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Kerberos did not correctly handle invalid AES
blocks. An unauthenticated remote attacker could send specially crafted
traffic that would crash the KDC service, leading to a denial of
service, or possibly execute arbitrary code with root privileges.





KRB5-CONFIG(1)                    MIT Kerberos                    KRB5-CONFIG(1)

NAME
       krb5-config - tool for linking against MIT Kerberos libraries

SYNOPSIS
       krb5-config [--help | --all | --version | --vendor | --prefix |
       --exec-prefix | --defccname | --defktname | --defcktname | --cflags |
       --libs [libraries]]

DESCRIPTION
       krb5-config tells the application programmer what flags to use to
       compile and link programs against the installed Kerberos libraries.

OPTIONS
       --help prints a usage message. This is the default behavior when no
              options are specified.

       --all  prints the version, vendor, prefix, and exec-prefix.

       --version
              prints the version number of the Kerberos installation.

       --vendor
              prints the name of the vendor of the Kerberos installation.

       --prefix
              prints the prefix for which the Kerberos installation was built.

       --exec-prefix
              prints the prefix for executables for which the Kerberos
              installation was built.

       --defccname
              prints the built-in default credentials cache location.

       --defktname
              prints the built-in default keytab location.

       --defcktname
              prints the built-in default client (initiator) keytab location.

       --cflags
              prints the compilation flags used to build the Kerberos
              installation.

       --libs [library]
              prints the compiler options needed to link against library.
              Allowed values for library are:

              +------------+------------------------------------------------+
              |krb5        | Kerberos 5 applications (default)              |
              +------------+------------------------------------------------+
              |gssapi      | GSSAPI applications with Kerberos 5 bindings   |
              +------------+------------------------------------------------+
              |kadm-client | Kadmin client                                  |
              +------------+------------------------------------------------+
              |kadm-server | Kadmin server                                  |
              +------------+------------------------------------------------+
              |kdb         | Applications that access the Kerberos database |
              +------------+------------------------------------------------+

EXAMPLES
       krb5-config is particularly useful for compiling against a Kerberos
       installation that was installed in a non-standard location. For
       example, a Kerberos installation that is installed in /opt/krb5/ but
       uses libraries in /usr/local/lib/ for text localization would produce
       the following output:

          shell% krb5-config --libs krb5
          -L/opt/krb5/lib -Wl,-rpath -Wl,/opt/krb5/lib -L/usr/local/lib -lkrb5 -lk5crypto -lcom_err

SEE ALSO
       kerberos(1), cc(1)

AUTHOR
       MIT

COPYRIGHT
       1985-2013, MIT

1.11.3                                                            KRB5-CONFIG(1)