Detections
Analytics
Ubuntu 4.10 / 5.04 : krb4, krb5 vulnerabilities (USN-224-1)
high Nessus Plugin ID 20767
Synopsis
The remote Ubuntu host is missing one or more security-related patches.Description
Gael Delalleau discovered a buffer overflow in the env_opt_add() function of the Kerberos 4 and 5 telnet clients. By sending specially crafted replies, a malicious telnet server could exploit this to execute arbitrary code with the privileges of the user running the telnet client. (CVE-2005-0468)Gael Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in the telnet clients of Kerberos 4 and 5. By sending a specially constructed reply containing a large number of SLC (Set Local Character) commands, a remote attacker (i. e. a malicious telnet server) could execute arbitrary commands with the privileges of the user running the telnet client. (CVE-2005-0469)
Daniel Wachdorf discovered two remote vulnerabilities in the Key Distribution Center of Kerberos 5 (krb5-kdc). By sending certain TCP connection requests, a remote attacker could trigger a double-freeing of memory, which led to memory corruption and a crash of the KDC server. (CVE-2005-1174). Under rare circumstances the same type of TCP connection requests could also trigger a buffer overflow that could be exploited to run arbitrary code with the privileges of the KDC server.
(CVE-2005-1175)
Magnus Hagander discovered that the krb5_recvauth() function attempted to free previously freed memory in some situations. A remote attacker could possibly exploit this to run arbitrary code with the privileges of the program that called this function. Most imporantly, this affects the following daemons: kpropd (from the krb5-kdc package), klogind, and kshd (both from the krb5-rsh-server package).
(CVE-2005-1689)
Please note that these packages are not officially supported by Ubuntu (they are in the 'universe' component of the archive).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected packages.Plugin Details
Severity: High
ID: 20767
File Name: ubuntu_USN-224-1.nasl
Version: 1.17
Type: local
Agent: unix
Family: Ubuntu Local Security Checks
Published: 1/21/2006
Updated: 1/19/2021
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev, p-cpe:/a:canonical:ubuntu_linux:libkrb53, p-cpe:/a:canonical:ubuntu_linux:libkthacl1-kerberos4kth, p-cpe:/a:canonical:ubuntu_linux:libotp0-kerberos4kth, p-cpe:/a:canonical:ubuntu_linux:libroken16-kerberos4kth, p-cpe:/a:canonical:ubuntu_linux:libsl0-kerberos4kth, p-cpe:/a:canonical:ubuntu_linux:libss0-kerberos4kth, cpe:/o:canonical:ubuntu_linux:4.10, cpe:/o:canonical:ubuntu_linux:5.04, p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-clients, p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-clients-x, p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-dev, p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-docs, p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-kdc, p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-kip, p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-servers, p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-servers-x, p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-services, p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-user, p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-x11, p-cpe:/a:canonical:ubuntu_linux:kerberos4kth1, p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server, p-cpe:/a:canonical:ubuntu_linux:krb5-clients, p-cpe:/a:canonical:ubuntu_linux:krb5-doc, p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd, p-cpe:/a:canonical:ubuntu_linux:krb5-kdc, p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server, p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd, p-cpe:/a:canonical:ubuntu_linux:krb5-user, p-cpe:/a:canonical:ubuntu_linux:libkadm1-kerberos4kth, p-cpe:/a:canonical:ubuntu_linux:libkadm55, p-cpe:/a:canonical:ubuntu_linux:libkafs0-kerberos4kth, p-cpe:/a:canonical:ubuntu_linux:libkdb-1-kerberos4kth, p-cpe:/a:canonical:ubuntu_linux:libkrb-1-kerberos4kth
Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l
Patch Publication Date: 12/6/2005
Reference Information
CVE: CVE-2005-0468, CVE-2005-0469, CVE-2005-1174, CVE-2005-1175, CVE-2005-1689