
USN-879-1: Kerberos vulnerability


http://www.ubuntu.com – Referenced CVEs: CVE-2009-3295

Description:

===========================================================
Ubuntu Security Notice USN-879-1 January 06, 2010
krb5 vulnerability
CVE-2009-3295
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.10:
  krb5-kdc 1.7dfsg~beta3-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Jeff Blaine, Radoslav Bodo, Jakob Haufe, and Jorgen Wahlsten discovered that the Kerberos Key Distribution Center service did not correctly verify certain network traffic. An unauthenticated remote attacker could send a specially crafted request that would cause the KDC to crash, leading to a denial of service.