USN-916-1: Kerberos vulnerabilities


 
Posted: 03-23-2010

Referenced CVEs:
CVE-2010-0283, CVE-2010-0628


Description:
===========================================================
Ubuntu Security Notice USN-916-1             March 23, 2010
krb5 vulnerabilities
CVE-2010-0283, CVE-2010-0628
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  krb5-kdc                        1.7dfsg~beta3-1ubuntu0.5
  libgssapi-krb5-2                1.7dfsg~beta3-1ubuntu0.5

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Emmanuel Bouillon discovered that Kerberos did not correctly handle
certain message types. An unauthenticated remote attacker could send
specially crafted traffic to cause the KDC to crash, leading to a denial
of service. (CVE-2010-0283)

Nalin Dahyabhai, Jan iankko Lieskovsky, and Zbysek Mraz discovered that
Kerberos did not correctly handle certain GSS packets. An unauthenticated
remote attacker could send specially crafted traffic that would cause
services using GSS-API to crash, leading to a denial of service.
(CVE-2010-0628)
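An added example, not part of the advisory or of Ubuntu's tooling: checking installed packages against the fixed versions above requires Debian version ordering, in which `~` sorts before everything (even the end of the string) and digit runs compare as numbers, so plain string comparison gives wrong answers for `1.7dfsg~beta3-1ubuntu0.5`. The function names and the sample `dpkg-query` output are constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions for Ubuntu 9.10, copied from the advisory text.
FIXED = {"krb5-kdc": "1.7dfsg~beta3-1ubuntu0.5",
         "libgssapi-krb5-2": "1.7dfsg~beta3-1ubuntu0.5"}

def _order(c):
    """Weight of a non-digit character: '~' sorts lowest, letters before the rest."""
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _pairs(part):
    """Split into (non-digit run, number) pairs; 0 marks the end of each run,
    so it sits above '~' (-1) and below every other character."""
    return [([_order(c) for c in text] + [0], int(num or 0))
            for text, num in re.findall(r"([^0-9]*)([0-9]*)", part)]

def _cmp_part(a, b):
    """Compare two upstream or revision strings under Debian ordering."""
    for x, y in zip_longest(_pairs(a), _pairs(b), fillvalue=([0], 0)):
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(version):
    """Split [epoch:]upstream[-revision]; the revision follows the last '-'."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(dpkg_output):
    """Names of FIXED packages whose installed version predates the fix."""
    rows = (line.split() for line in dpkg_output.splitlines())
    return [r[0] for r in rows
            if len(r) == 2 and r[0] in FIXED and compare(r[1], FIXED[r[0]]) < 0]

# Constructed sample, in the format of: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = """krb5-kdc 1.7dfsg~beta3-1ubuntu0.4
libgssapi-krb5-2 1.7dfsg~beta3-1ubuntu0.5
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live system the same ordering is available from `dpkg --compare-versions`, which is the authoritative implementation.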





KRB524_CONVERT_CREDS_KDC(3)				   BSD Library Functions Manual 			       KRB524_CONVERT_CREDS_KDC(3)

NAME
     krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache -- converts Kerberos 5 credentials to Kerberos 4 credentials

LIBRARY
     Kerberos 5 Library (libkrb5, -lkrb5)

SYNOPSIS
     #include <krb5.h>

     krb5_error_code
     krb524_convert_creds_kdc(krb5_context context, krb5_creds *in_cred, struct credentials *v4creds);

     krb5_error_code
     krb524_convert_creds_kdc_ccache(krb5_context context, krb5_ccache ccache, krb5_creds *in_cred, struct credentials *v4creds);

DESCRIPTION
     Convert the Kerberos 5 credential to a Kerberos 4 credential. This is done by sending it to the 524 service in the KDC.

     krb524_convert_creds_kdc() converts the Kerberos 5 credential in in_cred to a Kerberos 4 credential that is stored in credentials.

     krb524_convert_creds_kdc_ccache() differs from krb524_convert_creds_kdc() in that if in_cred doesn't contain a DES session key, then a new one is fetched from the KDC and stored in the cred cache ccache, and then the KDC is queried to convert the credential.

     These interfaces are used to make the migration to Kerberos 5 from Kerberos 4 easier. There are few services that still need Kerberos 4, and this is mainly for compatibility for those services. Some services, like AFS, really have Kerberos 5 support, but still use the 524 interface to make the migration easier.

SEE ALSO
     krb5(3), krb5.conf(5)

HEIMDAL 						  March 20, 2004						   HEIMDAL