News

=========================================================== Ubuntu Security Notice USN-58-1 January 10, 2005 krb5 vulnerability CAN-2004-1189 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: krb5-admin-server krb5-kdc libkadm55 libkrb53 The problem can be corrected by upgrading the affected package to version 1.3.4-3ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Michael Tautschnig discovered a possible buffer overflow in the add_to_history() function in the MIT Kerberos 5 implementation. Performing a password change did not properly track the password policy's history count and the maximum number of keys. This could cause an array overflow and may have allowed authenticated users (not necessarily one with administrative privileges) to execute arbitrary code on the KDC host, compromising an entire Kerberos realm.