Executive Summary

Summary
Title krb5 vulnerabilities
Informations
Name USN-334-1 First vendor Publication 2006-08-16
Vendor Ubuntu Last vendor Modification 2006-08-16
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
krb5-clients 1.3.6-1ubuntu0.2
krb5-ftpd 1.3.6-1ubuntu0.2
krb5-rsh-server 1.3.6-1ubuntu0.2
krb5-user 1.3.6-1ubuntu0.2

Ubuntu 5.10:
krb5-clients 1.3.6-4ubuntu0.1
krb5-ftpd 1.3.6-4ubuntu0.1
krb5-rsh-server 1.3.6-4ubuntu0.1
krb5-user 1.3.6-4ubuntu0.1

Ubuntu 6.06 LTS:
krb5-clients 1.4.3-5ubuntu0.1
krb5-ftpd 1.4.3-5ubuntu0.1
krb5-rsh-server 1.4.3-5ubuntu0.1
krb5-user 1.4.3-5ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid() system calls. On systems that have configured user process limits, it may be possible for an attacker to cause setuid() to fail via resource starvation. In that situation, the tools will not reduce their privilege levels, and will continue operation as the root user.

By default, Ubuntu does not ship with user process limits.

Please note that these packages are not officially supported by Ubuntu (they are in the 'universe' component of the archive).

Original Source

Url : http://www.ubuntu.com/usn/USN-334-1

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-399 Resource Management Errors
50 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9515
 
Oval ID: oval:org.mitre.oval:def:9515
Title: The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
Description: The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
Family: unix Class: vulnerability
Reference(s): CVE-2006-3083
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 5

OpenVAS Exploits

Date Description
2010-04-30 Name : Mandriva Update for netcdf MDVA-2010:129 (netcdf)
File : nvt/gb_mandriva_MDVA_2010_129.nasl
2009-02-27 Name : Fedora Update for krb5 FEDORA-2007-034
File : nvt/gb_fedora_2007_034_krb5_fc5.nasl
2009-02-27 Name : Fedora Update for krb5 FEDORA-2007-409
File : nvt/gb_fedora_2007_409_krb5_fc5.nasl
2009-02-27 Name : Fedora Update for krb5 FEDORA-2007-620
File : nvt/gb_fedora_2007_620_krb5_fc5.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200608-15 (MIT Kerberos 5)
File : nvt/glsa_200608_15.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200608-21 (Heimdal)
File : nvt/glsa_200608_21.nasl
2008-01-17 Name : Debian Security Advisory DSA 1146-1 (krb5)
File : nvt/deb_1146_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
27872 MIT Kerberos 5 ksu seteuid() Local Privilege Escalation

MIT Kerberos 5 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the seteuid() call fails in the ksu program. This flaw may lead to a loss of confidentiality and/or integrity.
27871 MIT Kerberos 5 ftpd seteuid() Local Privilege Escalation

MIT Kerberos 5 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the seteuid() call fails in the ftpd program. This flaw may lead to a loss of confidentiality and/or integrity.
27870 MIT Kerberos 5 v4rcp setuid() Local Privilege Escalation

MIT Kerberos 5 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the setuid() call fails in the v4rcp program. This flaw may lead to a loss of confidentiality and/or integrity.
27869 MIT Kerberos 5 krshd setuid() Local Privilege Escalation

MIT Kerberos 5 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the setuid() call fails in the krshd program. This flaw may lead to a loss of confidentiality and/or integrity.

Nessus® Vulnerability Scanner

Date Description
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_krb5-apps-servers-1938.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-329-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-334-1.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_krb5-apps-clients-1937.nasl - Type : ACT_GATHER_INFO
2007-01-17 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-034.nasl - Type : ACT_GATHER_INFO
2006-12-16 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-139.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1146.nasl - Type : ACT_GATHER_INFO
2006-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200608-21.nasl - Type : ACT_GATHER_INFO
2006-08-14 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200608-15.nasl - Type : ACT_GATHER_INFO
2006-08-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0612.nasl - Type : ACT_GATHER_INFO
2006-08-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0612.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:03:42
  • Multiple Updates