GLSA
Moderator
Joined: 13 Jun 2003
Posts: 4074
Location: Barcelona, Spain
|
 Posted: Thu Jan 06, 2005 2:14 am Post subject: [ GLSA 200501-05 ] mit-krb5: Heap overflow in libkadm5srv |
 |
|
Gentoo Linux Security Advisory
Title: mit-krb5: Heap overflow in libkadm5srv (GLSA 200501-05)
Severity: high
Exploitable: remote
Date: January 05, 2005
Bug(s): #75143
ID: 200501-05
Synopsis
The MIT Kerberos 5 administration library (libkadm5srv) contains a heap overflow that could lead to execution of arbitrary code.
Background
MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology.
Affected Packages
Package: app-crypt/mit-krb5
Vulnerable: < 1.3.6
Unaffected: >= 1.3.6
Architectures: All supported architectures
Description
The MIT Kerberos 5 administration library libkadm5srv contains a heap overflow in the code handling password changing.
Impact
Under specific circumstances an attacker could execute arbitary code with the permissions of the user running mit-krb5, which could be the root user.
Workaround
There is no known workaround at this time.
Resolution
All mit-krb5 users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.3.6" |
References
CAN 2004-1189
Last edited by GLSA on Wed Nov 01, 2006 4:16 am; edited 7 times in total |
|
News & Announcements
