UbuntuUSN-587-1Kerberos vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
98.1%
Releases
- Ubuntu 7.10
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06
Packages
- krb5 -
Details
It was discovered that krb5 did not correctly handle certain krb4
requests. An unauthenticated remote attacker could exploit this flaw
by sending a specially crafted traffic, which could expose sensitive
information, cause a crash, or execute arbitrary code. (CVE-2008-0062,
CVE-2008-0063)
A flaw was discovered in the kadmind serviceβs handling of file
descriptors. An unauthenticated remote attacker could send specially
crafted requests that would cause a crash, resulting in a denial of
service. Only systems with configurations allowing large numbers of
open file descriptors were vulnerable. (CVE-2008-0947)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 7.10 | noarch | libkrb53 | <Β 1.6.dfsg.1-7ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | krb5-admin-server | <Β 1.6.dfsg.1-7ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | krb5-clients | <Β 1.6.dfsg.1-7ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | krb5-ftpd | <Β 1.6.dfsg.1-7ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | krb5-kdc | <Β 1.6.dfsg.1-7ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | krb5-rsh-server | <Β 1.6.dfsg.1-7ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | krb5-telnetd | <Β 1.6.dfsg.1-7ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | krb5-user | <Β 1.6.dfsg.1-7ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | libkadm55 | <Β 1.6.dfsg.1-7ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | libkrb5-dbg | <Β 1.6.dfsg.1-7ubuntu0.1 | UNKNOWN |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
98.1%