Dark Star
Cyborg Agent
*www.imgx.org/pfiles/848/ubuntu.pngUbuntu development team announced yesterday a security vulnerability in the Kerberos packages. The team discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. Therefore, an unauthenticated remote user had the ability to send a specially crafted request and execute an arbitrary code with root privileges. The security issue affects the following Ubuntu releases:
And it also applies to the corresponding versions of Kubuntu, Edubuntu and Xubuntu distributions.
For Ubuntu 6.06 LTS:
For Ubuntu 6.10:
For Ubuntu 7.04:
Source : USN-511-1: Kerberos vulnerability | Ubuntu
- Ubuntu 6.06 LTS (Dapper Drake)
- Ubuntu 6.10 (Edgy Eft)
- Ubuntu 7.04 (Feisty Fawn)
And it also applies to the corresponding versions of Kubuntu, Edubuntu and Xubuntu distributions.
For Ubuntu 6.06 LTS:
- libkadm55 1.4.3-5ubuntu0.5
- librpcsecgss1 0.7-0ubuntu1.1
For Ubuntu 6.10:
- libkadm55 1.4.3-9ubuntu1.4
- librpcsecgss2 0.13-2ubuntu0.1
For Ubuntu 7.04:
- libkadm55 1.4.4-5ubuntu3.2
- librpcsecgss3 0.14-2ubuntu1.1
Source : USN-511-1: Kerberos vulnerability | Ubuntu
