
Security: Multiple issues in Kerberos
Name: Multiple issues in Kerberos
ID: USN-1233-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10
Date: Wed, 19 October 2011, 08:13
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1527
Applications: MIT Kerberos

Original message


==========================================================================
Ubuntu Security Notice USN-1233-1
October 18, 2011

krb5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

Several denial of service issues were fixed in the Kerberos Key
Distribution Center (KDC).

Software Description:
- krb5: MIT Kerberos Network Authentication Protocol

Details:

Nalin Dahyabhai, Andrej Ota and Kyle Moffett discovered a NULL
pointer dereference in the KDC LDAP backend. An unauthenticated
remote attacker could use this to cause a denial of service. This
issue affected Ubuntu 11.10. (CVE-2011-1527)

Mark Deneen discovered that an assert() could be triggered in the
krb5_ldap_lockout_audit() function in the KDC LDAP backend and
the krb5_db2_lockout_audit() function in the KDC DB2 backend. An
unauthenticated remote attacker could use this to cause a denial of
service. (CVE-2011-1528)

It was discovered that a NULL pointer dereference could occur in the
lookup_lockout_policy() function in the KDC LDAP and DB2 backends.
An unauthenticated remote attacker could use this to cause a denial of
service. (CVE-2011-1529)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
krb5-kdc 1.9.1+dfsg-1ubuntu1.1
krb5-kdc-ldap 1.9.1+dfsg-1ubuntu1.1

Ubuntu 11.04:
krb5-kdc 1.8.3+dfsg-5ubuntu2.2
krb5-kdc-ldap 1.8.3+dfsg-5ubuntu2.2

Ubuntu 10.10:
krb5-kdc 1.8.1+dfsg-5ubuntu0.8
krb5-kdc-ldap 1.8.1+dfsg-5ubuntu0.8

Ubuntu 10.04 LTS:
krb5-kdc 1.8.1+dfsg-2ubuntu0.10
krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.10

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1233-1
CVE-2011-1527, CVE-2011-1528, CVE-2011-1529

Package Information:
https://launchpad.net/ubuntu/+source/krb5/1.9.1+dfsg-1ubuntu1.1
https://launchpad.net/ubuntu/+source/krb5/1.8.3+dfsg-5ubuntu2.2
https://launchpad.net/ubuntu/+source/krb5/1.8.1+dfsg-5ubuntu0.8
https://launchpad.net/ubuntu/+source/krb5/1.8.1+dfsg-2ubuntu0.10

