Details
Gaël Delalleau discovered a buffer overflow in the env_opt_add()
function of the Kerberos 4 and 5 telnet clients. By sending specially
crafted replies, a malicious telnet server could exploit this to
execute arbitrary code with the privileges of the user running the
telnet client. (CVE-2005-0468)
Gaël Delalleau discovered a buffer overflow in the handling of the
LINEMODE suboptions in the telnet clients of Kerberos 4 and 5. By
sending a specially constructed reply containing a large number of SLC
(Set Local Character) commands, a remote attacker (i. e. a malicious
telnet server) could execute arbitrary commands with the privileges of
the user running the telnet client. (CVE-2005-0469)
Daniel Wachdorf discovered two remote vulnerabilities in the Key
Distribution Center of Kerberos 5 (krb5-kdc). By sending certain TCP
connection requests, a remote...
Gaël Delalleau discovered a buffer overflow in the env_opt_add()
function of the Kerberos 4 and 5 telnet clients. By sending specially
crafted replies, a malicious telnet server could exploit this to
execute arbitrary code with the privileges of the user running the
telnet client. (CVE-2005-0468)
Gaël Delalleau discovered a buffer overflow in the handling of the
LINEMODE suboptions in the telnet clients of Kerberos 4 and 5. By
sending a specially constructed reply containing a large number of SLC
(Set Local Character) commands, a remote attacker (i. e. a malicious
telnet server) could execute arbitrary commands with the privileges of
the user running the telnet client. (CVE-2005-0469)
Daniel Wachdorf discovered two remote vulnerabilities in the Key
Distribution Center of Kerberos 5 (krb5-kdc). By sending certain TCP
connection requests, a remote attacker could trigger a double-freeing
of memory, which led to memory corruption and a crash of the KDC
server. (CVE-2005-1174). Under rare circumstances the same type of TCP
connection requests could also trigger a buffer overflow that could be
exploited to run arbitrary code with the privileges of the KDC server.
(CVE-2005-1175)
Magnus Hagander discovered that the krb5_recvauth() function attempted
to free previously freed memory in some situations. A remote attacker
could possibly exploit this to run arbitrary code with the privileges
of the program that called this function. Most imporantly, this
affects the following daemons: kpropd (from the krb5-kdc package),
klogind, and kshd (both from the krb5-rsh-server package).
(CVE-2005-1689)
Please note that these packages are not officially supported by Ubuntu
(they are in the 'universe' component of the archive).
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 5.04 hoary | krb5-rsh-server – | ||
| krb5-kdc – | |||
| krb5-clients – | |||
| krb5-telnetd – | |||
| kerberos4kth-clients – | |||
| 4.10 warty | krb5-rsh-server – | ||
| krb5-kdc – | |||
| krb5-clients – | |||
| krb5-telnetd – | |||
| kerberos4kth-clients – | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.