Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6947-1

Ubuntu Security Notice 6947-1 - It was discovered that Kerberos incorrectly handled GSS message tokens where an unwrapped token could appear to be truncated. An attacker could possibly use this issue to cause a denial of service. It was discovered that Kerberos incorrectly handled GSS message tokens when sent a token with invalid length fields. An attacker could possibly use this issue to cause a denial of service.

Packet Storm
#vulnerability#ubuntu#dos#ldap#auth#sap

==========================================================================

Ubuntu Security Notice USN-6947-1
August 08, 2024

krb5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.04 LTS
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary:

Kerberos could be made to crash if it received specially crafted
input.

Software Description:

  • krb5: MIT Kerberos Network Authentication Protocol

Details:

It was discovered that Kerberos incorrectly handled GSS message tokens
where an unwrapped token could appear to be truncated. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2024-37370)

It was discovered that Kerberos incorrectly handled GSS message tokens
when sent a token with invalid length fields. An attacker could possibly
use this issue to cause a denial of service. (CVE-2024-37371)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
krb5-admin-server 1.20.1-6ubuntu2.1
krb5-kdc 1.20.1-6ubuntu2.1
krb5-kdc-ldap 1.20.1-6ubuntu2.1
krb5-otp 1.20.1-6ubuntu2.1
krb5-pkinit 1.20.1-6ubuntu2.1
krb5-user 1.20.1-6ubuntu2.1
libgssapi-krb5-2 1.20.1-6ubuntu2.1
libgssrpc4t64 1.20.1-6ubuntu2.1
libk5crypto3 1.20.1-6ubuntu2.1
libkadm5clnt-mit12 1.20.1-6ubuntu2.1
libkadm5srv-mit12 1.20.1-6ubuntu2.1
libkdb5-10t64 1.20.1-6ubuntu2.1
libkrad0 1.20.1-6ubuntu2.1
libkrb5-3 1.20.1-6ubuntu2.1
libkrb5support0 1.20.1-6ubuntu2.1

Ubuntu 22.04 LTS
krb5-admin-server 1.19.2-2ubuntu0.4
krb5-kdc 1.19.2-2ubuntu0.4
krb5-kdc-ldap 1.19.2-2ubuntu0.4
krb5-otp 1.19.2-2ubuntu0.4
krb5-pkinit 1.19.2-2ubuntu0.4
krb5-user 1.19.2-2ubuntu0.4
libgssapi-krb5-2 1.19.2-2ubuntu0.4
libgssrpc4 1.19.2-2ubuntu0.4
libk5crypto3 1.19.2-2ubuntu0.4
libkadm5clnt-mit12 1.19.2-2ubuntu0.4
libkadm5srv-mit12 1.19.2-2ubuntu0.4
libkdb5-10 1.19.2-2ubuntu0.4
libkrad0 1.19.2-2ubuntu0.4
libkrb5-3 1.19.2-2ubuntu0.4
libkrb5support0 1.19.2-2ubuntu0.4

Ubuntu 20.04 LTS
krb5-admin-server 1.17-6ubuntu4.6
krb5-kdc 1.17-6ubuntu4.6
krb5-kdc-ldap 1.17-6ubuntu4.6
krb5-otp 1.17-6ubuntu4.6
krb5-pkinit 1.17-6ubuntu4.6
krb5-user 1.17-6ubuntu4.6
libgssapi-krb5-2 1.17-6ubuntu4.6
libgssrpc4 1.17-6ubuntu4.6
libk5crypto3 1.17-6ubuntu4.6
libkadm5clnt-mit11 1.17-6ubuntu4.6
libkadm5srv-mit11 1.17-6ubuntu4.6
libkdb5-9 1.17-6ubuntu4.6
libkrad0 1.17-6ubuntu4.6
libkrb5-3 1.17-6ubuntu4.6
libkrb5support0 1.17-6ubuntu4.6

Ubuntu 18.04 LTS
krb5-admin-server 1.16-2ubuntu0.4+esm2
Available with Ubuntu Pro
krb5-kdc 1.16-2ubuntu0.4+esm2
Available with Ubuntu Pro
krb5-kdc-ldap 1.16-2ubuntu0.4+esm2
Available with Ubuntu Pro
krb5-otp 1.16-2ubuntu0.4+esm2
Available with Ubuntu Pro
krb5-pkinit 1.16-2ubuntu0.4+esm2
Available with Ubuntu Pro
krb5-user 1.16-2ubuntu0.4+esm2
Available with Ubuntu Pro
libgssapi-krb5-2 1.16-2ubuntu0.4+esm2
Available with Ubuntu Pro
libgssrpc4 1.16-2ubuntu0.4+esm2
Available with Ubuntu Pro
libk5crypto3 1.16-2ubuntu0.4+esm2
Available with Ubuntu Pro
libkadm5clnt-mit11 1.16-2ubuntu0.4+esm2
Available with Ubuntu Pro
libkadm5srv-mit11 1.16-2ubuntu0.4+esm2
Available with Ubuntu Pro
libkdb5-9 1.16-2ubuntu0.4+esm2
Available with Ubuntu Pro
libkrad0 1.16-2ubuntu0.4+esm2
Available with Ubuntu Pro
libkrb5-3 1.16-2ubuntu0.4+esm2
Available with Ubuntu Pro
libkrb5support0 1.16-2ubuntu0.4+esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
krb5-admin-server 1.13.2+dfsg-5ubuntu2.2+esm5
Available with Ubuntu Pro
krb5-kdc 1.13.2+dfsg-5ubuntu2.2+esm5
Available with Ubuntu Pro
krb5-kdc-ldap 1.13.2+dfsg-5ubuntu2.2+esm5
Available with Ubuntu Pro
krb5-otp 1.13.2+dfsg-5ubuntu2.2+esm5
Available with Ubuntu Pro
krb5-pkinit 1.13.2+dfsg-5ubuntu2.2+esm5
Available with Ubuntu Pro
krb5-user 1.13.2+dfsg-5ubuntu2.2+esm5
Available with Ubuntu Pro
libgssapi-krb5-2 1.13.2+dfsg-5ubuntu2.2+esm5
Available with Ubuntu Pro
libgssrpc4 1.13.2+dfsg-5ubuntu2.2+esm5
Available with Ubuntu Pro
libk5crypto3 1.13.2+dfsg-5ubuntu2.2+esm5
Available with Ubuntu Pro
libkadm5clnt-mit9 1.13.2+dfsg-5ubuntu2.2+esm5
Available with Ubuntu Pro
libkadm5srv-mit9 1.13.2+dfsg-5ubuntu2.2+esm5
Available with Ubuntu Pro
libkdb5-8 1.13.2+dfsg-5ubuntu2.2+esm5
Available with Ubuntu Pro
libkrad0 1.13.2+dfsg-5ubuntu2.2+esm5
Available with Ubuntu Pro
libkrb5-3 1.13.2+dfsg-5ubuntu2.2+esm5
Available with Ubuntu Pro
libkrb5support0 1.13.2+dfsg-5ubuntu2.2+esm5
Available with Ubuntu Pro

Ubuntu 14.04 LTS
krb5-admin-server 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro
krb5-kdc 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro
krb5-kdc-ldap 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro
krb5-otp 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro
krb5-pkinit 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro
krb5-user 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro
libgssapi-krb5-2 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro
libgssrpc4 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro
libk5crypto3 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro
libkadm5clnt-mit9 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro
libkadm5srv-mit8 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro
libkadm5srv-mit9 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro
libkdb5-7 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro
libkrad0 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro
libkrb5-3 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro
libkrb5support0 1.12+dfsg-2ubuntu5.4+esm5
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6947-1
https://ubuntu.com/security/notices/USN-6947-1
CVE-2024-37370, CVE-2024-37371

Package Information:
https://launchpad.net/ubuntu/+source/krb5/1.20.1-6ubuntu2.1
https://launchpad.net/ubuntu/+source/krb5/1.20.1-6ubuntu2.1
https://launchpad.net/ubuntu/+source/krb5/1.19.2-2ubuntu0.4
https://launchpad.net/ubuntu/+source/krb5/1.19.2-2ubuntu0.4
https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.6
https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.6

Related news

Red Hat Security Advisory 2024-5884-03

Red Hat Security Advisory 2024-5884-03 - An update for krb5 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Security Advisory 2024-5316-03

Red Hat Security Advisory 2024-5316-03 - An update for krb5 is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.

Red Hat Security Advisory 2024-5312-03

Red Hat Security Advisory 2024-5312-03 - An update for krb5 is now available for Red Hat Enterprise Linux 8.

Debian Security Advisory 5726-1

Debian Linux Security Advisory 5726-1 - Two vulnerabilities were discovered in the GSS message token handling in krb5, the MIT implementation of Kerberos. An attacker can take advantage of these flaws to bypass integrity protections or cause a denial of service.

Debian Security Advisory 5726-1

Debian Linux Security Advisory 5726-1 - Two vulnerabilities were discovered in the GSS message token handling in krb5, the MIT implementation of Kerberos. An attacker can take advantage of these flaws to bypass integrity protections or cause a denial of service.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution