Lucene search
UbuntuUSN-881-1HistoryJan 12, 2010 - 12:00 a.m.
Kerberos vulnerability
2010-01-1200:00:00
ubuntu.com
37
7.5 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.121 Low
EPSS
Percentile
95.3%
Releases
- Ubuntu 9.10
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04
- Ubuntu 6.06
Packages
- krb5 -
Details
It was discovered that Kerberos did not correctly handle invalid AES
blocks. An unauthenticated remote attacker could send specially crafted
traffic that would crash the KDC service, leading to a denial of service,
or possibly execute arbitrary code with root privileges.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.10 | noarch | libk5crypto3 | < 1.7dfsg~beta3-1ubuntu0.3 | UNKNOWN |
| Ubuntu | 9.10 | noarch | krb5-admin-server | < 1.7dfsg~beta3-1ubuntu0.3 | UNKNOWN |
| Ubuntu | 9.10 | noarch | krb5-clients | < 1.7dfsg~beta3-1ubuntu0.3 | UNKNOWN |
| Ubuntu | 9.10 | noarch | krb5-ftpd | < 1.7dfsg~beta3-1ubuntu0.3 | UNKNOWN |
| Ubuntu | 9.10 | noarch | krb5-kdc | < 1.7dfsg~beta3-1ubuntu0.3 | UNKNOWN |
| Ubuntu | 9.10 | noarch | krb5-kdc-ldap | < 1.7dfsg~beta3-1ubuntu0.3 | UNKNOWN |
| Ubuntu | 9.10 | noarch | krb5-pkinit | < 1.7dfsg~beta3-1ubuntu0.3 | UNKNOWN |
| Ubuntu | 9.10 | noarch | krb5-rsh-server | < 1.7dfsg~beta3-1ubuntu0.3 | UNKNOWN |
| Ubuntu | 9.10 | noarch | krb5-telnetd | < 1.7dfsg~beta3-1ubuntu0.3 | UNKNOWN |
| Ubuntu | 9.10 | noarch | krb5-user | < 1.7dfsg~beta3-1ubuntu0.3 | UNKNOWN |
References
Related
openvas
openvas
CentOS Update for krb5-devel CESA-2010:0029 centos4 i386
2010-01-19 00:00:00
CentOS Update for krb5-devel CESA-2010:0029 centos5 i386
2011-08-09 00:00:00
CentOS Update for krb5-devel CESA-2010:0029 centos3 x86_64
2010-01-19 00:00:00
securityvulns
securityvulns
MIT Kerberos 5 integer overflows
2010-01-17 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: krb5-1.6.3-23.fc11
2010-01-14 01:24:35
[SECURITY] Fedora 12 Update: krb5-1.7-18.fc12
2010-01-14 01:23:01
[SECURITY] Fedora 11 Update: krb5-1.6.3-29.fc11
2010-04-09 01:42:04
nessus
nessus
Oracle Linux 3 / 4 / 5 : krb5 (ELSA-2010-0029)
2013-07-12 00:00:00
Scientific Linux Security Update : krb5 on SL3.x, SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
CentOS 3 / 4 / 5 : krb5 (CESA-2010:0029)
2010-01-13 00:00:00
osv
osv
krb5 - denial of service
2010-01-12 00:00:00
centos
centos
krb5 security update
2010-01-13 00:51:06
ubuntucve
ubuntucve
CVE-2009-4212
2010-01-12 00:00:00
redhat
redhat
(RHSA-2010:0029) Critical: krb5 security update
2010-01-12 00:00:00
(RHSA-2010:0095) Important: rhev-hypervisor security and bug fix update
2010-02-09 00:00:00
debian
debian
[SECURITY] [DSA-1969-1] New krb5 packages fix denial of service
2010-01-12 21:36:58
oraclelinux
oraclelinux
krb5 security update
2010-01-12 00:00:00
prion
prion
Integer overflow
2010-01-13 19:30:00
veracode
veracode
Arbitary Code Execution
2020-04-10 00:46:44
cve
cve
CVE-2009-4212
2010-01-13 19:30:00
debiancve
debiancve
CVE-2009-4212
2010-01-13 19:30:00
suse
suse
remote code execution in krb5
2010-01-19 17:05:33
vmware
vmware
VMware ESXi and ESX third party updates for Service Console and Likewise components
2010-11-15 00:00:00
VMware ESXi and ESX third party updates for Service Console and Likewise components
2010-11-15 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
gentoo
gentoo
MIT Kerberos 5: Multiple vulnerabilities
2012-01-23 00:00:00
7.5 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.121 Low
EPSS
Percentile
95.3%
Related for USN-881-1