Ubuntu 14.04 LTS : Kerberos vulnerabilities (USN-2810-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2810-1 advisory. It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause...

CVE-2015-2694

MIT Kerberos 5 (krb5) 1.12.x and 1.13.x prior to 1.13.2 are vulnerable due to the kdcpreauth modules (OTP and PKINIT) not tracking client validation, enabling a remote attacker to bypass requires_preauth by submitting zero bytes or an arbitrary realm name. This can lead to obtaining a ciphertext ...