Posted: Thu Jan 06, 2005 2:14 am Post subject: [ GLSA 200501-05 ] mit-krb5: Heap overflow in libkadm5srv
Gentoo Linux Security Advisory
Title: mit-krb5: Heap overflow in libkadm5srv (GLSA 200501-05)
Date: January 05, 2005
The MIT Kerberos 5 administration library (libkadm5srv) contains a heap overflow that could lead to execution of arbitrary code.
MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology.
Vulnerable: < 1.3.6
Unaffected: >= 1.3.6
Architectures: All supported architectures
The MIT Kerberos 5 administration library libkadm5srv contains a heap overflow in the code handling password changing.
Under specific circumstances an attacker could execute arbitrary code with the permissions of the user running mit-krb5, which could be the root user.
There is no known workaround at this time.
All mit-krb5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.3.6"
Last edited by GLSA on Wed Nov 01, 2006 4:16 am; edited 7 times in total