USN-7257-1: Kerberos vulnerability
5 February 2025
A system authentication measure could be bypassed.
Releases
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- krb5 - MIT Kerberos Network Authentication Protocol
Details
Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc
Stevens, and Adam Suhl discovered that Kerberos incorrectly authenticated
certain responses. An attacker able to intercept communications between a
RADIUS client and server could possibly use this issue to forge responses,
bypass authentication, and access network devices and services.
This update introduces support for the Message-Authenticator attribute in
non-EAP authentication methods for communications between Kerberos and a
RADIUS server.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.10
Ubuntu 24.04
Ubuntu 22.04
Ubuntu 20.04
Ubuntu 18.04
-
libk5crypto3
-
1.16-2ubuntu0.4+esm3
Available with Ubuntu Pro
-
libkrad0
-
1.16-2ubuntu0.4+esm3
Available with Ubuntu Pro
Ubuntu 16.04
-
libk5crypto3
-
1.13.2+dfsg-5ubuntu2.2+esm6
Available with Ubuntu Pro
-
libkrad0
-
1.13.2+dfsg-5ubuntu2.2+esm6
Available with Ubuntu Pro
Ubuntu 14.04
-
libk5crypto3
-
1.12+dfsg-2ubuntu5.4+esm6
-
libkrad0
-
1.12+dfsg-2ubuntu5.4+esm6
In general, a standard system update will make all the necessary changes.