1. Ubuntu Security Notices
  2. USN-1233-1

USN-1233-1: Kerberos Vulnerabilities

Publication date

18 October 2011

Overview

Several denial of service issues were fixed in the Kerberos Key Distribution Center (KDC).

Releases

Packages

  • krb5 - MIT Kerberos Network Authentication Protocol

Details

Nalin Dahyabhai, Andrej Ota and Kyle Moffett discovered a NULL
pointer dereference in the KDC LDAP backend. An unauthenticated
remote attacker could use this to cause a denial of service. This
issue affected Ubuntu 11.10. (CVE-2011-1527)

Mark Deneen discovered that an assert() could be triggered in the
krb5_ldap_lockout_audit() function in the KDC LDAP backend and
the krb5_db2_lockout_audit() function in the KDC DB2 backend. An
unauthenticated remote attacker could use this to cause a denial of
service. (CVE-2011-1528)

It was discovered that a NULL pointer dereference could occur in the
lookup_lockout_policy() function in the KDC LDAP and DB2 backends.
An unauthenticated remote attacker could use this to cause a denial of
service. (CVE-2011-1529)

Nalin Dahyabhai, Andrej Ota and Kyle Moffett discovered a NULL
pointer dereference in the KDC LDAP backend. An unauthenticated
remote attacker could use this to cause a denial of service. This
issue affected Ubuntu 11.10. (CVE-2011-1527)

Mark Deneen discovered that an assert() could be triggered in the
krb5_ldap_lockout_audit() function in the KDC LDAP backend and
the krb5_db2_lockout_audit() function in the KDC DB2 backend. An
unauthenticated remote attacker could use this to cause a denial of
service. (CVE-2011-1528)

It was discovered that a NULL pointer dereference could occur in the
lookup_lockout_policy() function in the KDC LDAP and DB2 backends.
An unauthenticated remote attacker could use this to cause a denial of
service. (CVE-2011-1529)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
11.10 oneiric krb5-kdc-ldap –  1.9.1+dfsg-1ubuntu1.1
krb5-kdc –  1.9.1+dfsg-1ubuntu1.1
11.04 natty krb5-kdc-ldap –  1.8.3+dfsg-5ubuntu2.2
krb5-kdc –  1.8.3+dfsg-5ubuntu2.2
10.10 maverick krb5-kdc-ldap –  1.8.1+dfsg-5ubuntu0.8
krb5-kdc –  1.8.1+dfsg-5ubuntu0.8
10.04 lucid krb5-kdc-ldap –  1.8.1+dfsg-2ubuntu0.10
krb5-kdc –  1.8.1+dfsg-2ubuntu0.10

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›