<<< Date Index >>>     <<< Thread Index >>>

[USN-408-1] krb5 vulnerability



=========================================================== 
Ubuntu Security Notice USN-408-1           January 15, 2007
krb5 vulnerability
CVE-2006-6143
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libkadm55                                1.4.3-5ubuntu0.2
  libkrb53                                 1.4.3-5ubuntu0.2

Ubuntu 6.10:
  libkadm55                                1.4.3-9ubuntu1.1
  libkrb53                                 1.4.3-9ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

The server-side portion of Kerberos' RPC library had a memory
management flaw which allowed users of that library to call a function
pointer located in unallocated memory. By doing specially crafted
calls to the kadmind server, a remote attacker could exploit this to
execute arbitrary code with root privileges on the target computer.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.2.diff.gz
      Size/MD5:  1447550 546659a7ce8758c26c33d0241adb992d
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.2.dsc
      Size/MD5:      848 ed669b2e38c5b3b6701401b99bbdb3cb
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz
      Size/MD5:  7279788 43fe621ecb849a83ee014dfb856c54af

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-5ubuntu0.2_all.deb
      Size/MD5:   852734 748a61c88e96abcc2fd922acdafbd56c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.2_amd64.deb
      Size/MD5:    79686 a56316c071cbdae9f33b10166e204340
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.2_amd64.deb
      Size/MD5:   222738 173b8846edc4d84b0880b293ebd819f8
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.2_amd64.deb
      Size/MD5:    59876 11c96393564f5422e884cda60671688d
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.2_amd64.deb
      Size/MD5:   134570 c2fa98268d5c486988eae91040441720
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.2_amd64.deb
      Size/MD5:    84774 7dc407371c107d79c69ffe054f702ba7
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.2_amd64.deb
      Size/MD5:    67044 4a01011a78cf0c299df6b36384c0950b
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.2_amd64.deb
      Size/MD5:   129430 2acabc3bcb9323fa28a69e306694a1ec
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.2_amd64.deb
      Size/MD5:   190294 a4044fce177ca61f9b24ff9515443e5f
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.2_amd64.deb
      Size/MD5:   768212 bba4e4f35f90a58177f14d35d9fccf1e
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.2_amd64.deb
      Size/MD5:   425220 e16e7b2709af4fb8a88a0819cdfc1a40

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.2_i386.deb
      Size/MD5:    71660 d38e87ecea34868e1dac394b9047c382
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.2_i386.deb
      Size/MD5:   186752 12424ad58c808a4867f0db0d014a34ec
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.2_i386.deb
      Size/MD5:    53844 3aa5f6a9ae2cb49659a0577ea972d0af
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.2_i386.deb
      Size/MD5:   121068 9a1fcd42b91849f0a4ce3c1614c3dbb9
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.2_i386.deb
      Size/MD5:    75438 9b264a66dff08d0206370a43058687d1
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.2_i386.deb
      Size/MD5:    58204 6e89a58b9d435c6e1422537a18da2dc1
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.2_i386.deb
      Size/MD5:   118528 82f62332c5bae9177ce1f356b824279e
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.2_i386.deb
      Size/MD5:   165130 0968da19d0bdac05e716825ba045f5e5
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.2_i386.deb
      Size/MD5:   646560 89ccbd05cda4887245d7d5c5cd77d383
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.2_i386.deb
      Size/MD5:   380650 8a8e6bebd4955809ef62a27cc7eb8918

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.2_powerpc.deb
      Size/MD5:    79712 119d48198050bd5e24c711c895770bf0
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.2_powerpc.deb
      Size/MD5:   220080 3025e485a43fd6a67c6d7716f1efad63
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.2_powerpc.deb
      Size/MD5:    59084 97104b0dcfc3a4dacd5c1334766c488b
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.2_powerpc.deb
      Size/MD5:   135552 b1c5a4334633412e8c64d808b4a30280
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.2_powerpc.deb
      Size/MD5:    84632 b7a70d1cb0513523911248231bbcca82
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.2_powerpc.deb
      Size/MD5:    65420 9300e4d62e4dedad6ac85647fe157ee2
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.2_powerpc.deb
      Size/MD5:   134396 f07964b5364af26ac18bc4c37ff71e3f
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.2_powerpc.deb
      Size/MD5:   177082 8488709500858a66f07183a193a249e7
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.2_powerpc.deb
      Size/MD5:   751382 96e57442a0caa1e574f0581327fc9e1a
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.2_powerpc.deb
      Size/MD5:   395444 b672282f98601ebe9340f251d7e2dd46

  sparc architecture (Sun SPARC/UltraSPARC)

    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.2_sparc.deb
      Size/MD5:    72292 ed56430a6017fe52fd34e8724ff5892d
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.2_sparc.deb
      Size/MD5:   196928 2dff67f37591eede7be792c836028920
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.2_sparc.deb
      Size/MD5:    55818 1de2f224962fd6e7f9a5a642995a2fb6
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.2_sparc.deb
      Size/MD5:   123914 871a22e98608033db8dbc3e85d18e430
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.2_sparc.deb
      Size/MD5:    76454 c8f134cee518c209e4f068d59e7bc90e
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.2_sparc.deb
      Size/MD5:    61752 e15353f761ff1b052ff790c3b22d9f03
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.2_sparc.deb
      Size/MD5:   120102 a72b86d5911ebf7d90454e20a5d3d6a7
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.2_sparc.deb
      Size/MD5:   164630 2ba7eb220cee2ef90c433520dc22bd1d
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.2_sparc.deb
      Size/MD5:   677878 53436fc167794aa6c7e4538156b279e4
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.2_sparc.deb
      Size/MD5:   368236 8cfe1fb1b04f054211103b96bd85d4d0

Updated packages for Ubuntu 6.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-9ubuntu1.1.diff.gz
      Size/MD5:  1468259 a89554ee72ae46193497b5fdb86359e5
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-9ubuntu1.1.dsc
      Size/MD5:      883 92b415a7e46614bc10a6fad2971a13a4
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz
      Size/MD5:  7279788 43fe621ecb849a83ee014dfb856c54af

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-9ubuntu1.1_all.deb
      Size/MD5:   853430 3958e9a508ef75081c289378ee06cb5d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.1_amd64.deb
      Size/MD5:    81062 5e7b14c23de60189762b3776991256a3
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.1_amd64.deb
      Size/MD5:   223934 6cbf0f868012e01518617369f4c09d78
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.1_amd64.deb
      Size/MD5:    61134 c2420e53a8369ef1fb7150d8a486dd3c
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.1_amd64.deb
      Size/MD5:   138648 38ffe1ee542695b7e7110f752b02a735
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.1_amd64.deb
      Size/MD5:    86946 da6f24f2da9e84b2e13c0a296c8bdfcb
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.1_amd64.deb
      Size/MD5:    67556 711861722d5ef9e31d6d641076574df6
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.1_amd64.deb
      Size/MD5:   130170 53bf2f36db32694986426840efce7a63
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.1_amd64.deb
      Size/MD5:   190180 27a2f0cf1711ddf7498b20073363c5f6
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.1_amd64.deb
      Size/MD5:  1072552 d9f4df032a6d0b24d4b948cdc2a17ec3
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.1_amd64.deb
      Size/MD5:   771828 8a490a2198a58ccea514e43ab68bce88
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.1_amd64.deb
      Size/MD5:   427562 f60e228b07f072ee64e66d16b01c80c9

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.1_i386.deb
      Size/MD5:    74768 07466ce7134858695cd2608f7d916bc9
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.1_i386.deb
      Size/MD5:   195996 77d746677df270dc89773c13f4231e98
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.1_i386.deb
      Size/MD5:    56642 33f6895466f028e4f7e60fe6d0102d7b
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.1_i386.deb
      Size/MD5:   128984 d57c3ae641ffc63cde21557c3db9355c
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.1_i386.deb
      Size/MD5:    79602 6be865799bcf85edb35c541df35b9245
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.1_i386.deb
      Size/MD5:    61366 e9c4b39d8228118d03d5df02123e437d
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.1_i386.deb
      Size/MD5:   121716 588addedfb49a64c09a8517740d039d9
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.1_i386.deb
      Size/MD5:   172370 b6674bf633bf623d54d53d8ee57120e5
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.1_i386.deb
      Size/MD5:  1024338 53cef35e866ba9bfa14ebb7727b10c9d
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.1_i386.deb
      Size/MD5:   672520 7c1313e3eb84a448479af34eda9a0233
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.1_i386.deb
      Size/MD5:   403646 b30ac3ba3dc11650ef9a74b5b1d9368a

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.1_powerpc.deb
      Size/MD5:    81626 eb56ed7461f47af49023f2027d71a249
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.1_powerpc.deb
      Size/MD5:   222676 f847921d673ba513a11b2e4da26c6589
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.1_powerpc.deb
      Size/MD5:    61324 94d69c98e2439ead3b38757fb6503917
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.1_powerpc.deb
      Size/MD5:   140824 a3a2c75ca459aadf29db4af247832cac
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.1_powerpc.deb
      Size/MD5:    86812 8747cbb5e22b1611d0f35d413a29dfb8
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.1_powerpc.deb
      Size/MD5:    66622 e03d52dd334c788d3fb7583660ac25af
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.1_powerpc.deb
      Size/MD5:   136342 0048a761afaabaffb847273c88cb7758
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.1_powerpc.deb
      Size/MD5:   179554 59ca8bdf4afa0ea09432aaa2e53facf7
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.1_powerpc.deb
      Size/MD5:  1076132 98f942e3252e3f377cd24c03dfae7120
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.1_powerpc.deb
      Size/MD5:   757874 00cde304e78bdd85ca75454ae31f9056
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.1_powerpc.deb
      Size/MD5:   398636 15cd61e388f2e658709577c6c17ed9f4

  sparc architecture (Sun SPARC/UltraSPARC)

    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.1_sparc.deb
      Size/MD5:    74648 a9d42678fb3d7d508c087ae7eb075eec
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.1_sparc.deb
      Size/MD5:   203198 2aeac236c8864c757a55870190918302
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.1_sparc.deb
      Size/MD5:    58498 22079ad35df8ceea0857319eb533ee35
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.1_sparc.deb
      Size/MD5:   129158 a5b36aeb90baba94d569f41d21f16548
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.1_sparc.deb
      Size/MD5:    79926 d889cf2987c8c48a6aef9b566ad14238
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.1_sparc.deb
      Size/MD5:    63040 6e9f3b3ad95536ee494d73e8ee3d252a
    
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.1_sparc.deb
      Size/MD5:   122238 bd59626426b7690742520d2151b58a3c
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.1_sparc.deb
      Size/MD5:   166480 fd69c12e642a168d39ce209c1647d433
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.1_sparc.deb
      Size/MD5:   957280 de94391f1d289fbe3c7639f8ca8cf303
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.1_sparc.deb
      Size/MD5:   684606 511b01e003f876bde73badddeda105ab
    
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.1_sparc.deb
      Size/MD5:   373600 66c24f51433ff5ce4670bc91f04a6187

Attachment: signature.asc
Description: Digital signature