Summary
Ubuntu Update for Linux kernel vulnerabilities USN-940-1
Solution
Please Install the Updated Packages.
Insight
It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972)
Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service. (CVE-2010-1320, CVE-2010-1321)
Affected
krb5 vulnerabilities on Ubuntu 6.06 LTS ,
Ubuntu 8.04 LTS ,
Ubuntu 9.04 ,
Ubuntu 9.10
Severity
Classification
-
CVE CVE-2007-5902, CVE-2007-5971, CVE-2007-5972, CVE-2010-1320, CVE-2010-1321 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities