Ubuntu Fixes Kerberos Bug With New Packages

There’s a vulnerability in the Kerberos implementation in several versions of Ubuntu, which could allow an attacker to cause a denial-of-service on vulnerable servers. The bug is in Ubuntu 8.04, Ubuntu 9.10, Ubuntu 10.04 and Ubuntu 10.10.

UbuntuThere’s a vulnerability in the Kerberos implementation in several versions of Ubuntu, which could allow an attacker to cause a denial-of-service on vulnerable servers. The bug is in Ubuntu 8.04, Ubuntu 9.10, Ubuntu 10.04 and Ubuntu 10.10.

The bug is in the Ubuntu implementation of the Kerberos authentication protocol. Ubuntu has released a slew of new packages to fix the flaw. The group said that in most cases, a normal system update will add the new fixes.

From the Ubuntu advisory:

Keiichi Mori discovered that the MIT krb5 KDC database propagation
daemon (kpropd) is vulnerable to a denial of service attack due
to improper logic when a worker child process exited because
of invalid network input. This could only occur when kpropd is
running in standalone mode; kpropd was not affected when running in
incremental propagation mode (“iprop”) or as an inetd server. This
issue only affects Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu
10.10. (CVE-2010-4022)

Kevin Longfellow and others discovered that the MIT krb5 Key
Distribution Center (KDC) daemon is vulnerable to denial of service
attacks when using an LDAP back end due to improper handling of
network input. (CVE-2011-0281, CVE-2011-0282)

Kerberos is a key authentication protocol that’s used in a huge number of open-source and commercial products.

Suggested articles

Discussion

  • Anonymous on

    mostly in China and the U.S., but Cheap Air Max also in Hong Kong and Singapore as well. The  Air Max 2011 victims include the gaming sites and online stores Air Max Tailwind common targets of DDOS attacks, which are used to knock the sites offline and extract protection payments from site operators.Air Max 24-7 But JKDDOS is also targeting large investment firms,

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.