USN-408-1: krb5 vulnerability

Source: ubuntu.com
Date: Jan 16, 2007

CVSS2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AI Score: 6.6 (Confidence: Low)
EPSS: 0.609 (Percentile: 97.8%)

Releases

  • Ubuntu 6.10
  • Ubuntu 6.06

Details

The server-side portion of Kerberos’ RPC library had a memory
management flaw which allowed users of that library to call a function
pointer located in unallocated memory. By making specially crafted
calls to the kadmind server, a remote attacker could exploit this to
execute arbitrary code with root privileges on the target computer.

OS      OS Version  Architecture  Package    Package Version     Filename
Ubuntu  6.10        noarch        libkrb53   < 1.4.3-9ubuntu1.1  UNKNOWN
Ubuntu  6.10        noarch        libkadm55  < 1.4.3-9ubuntu1.1  UNKNOWN
Ubuntu  6.06        noarch        libkrb53   < 1.4.3-5ubuntu0.2  UNKNOWN
Ubuntu  6.06        noarch        libkadm55  < 1.4.3-5ubuntu0.2  UNKNOWN
