GLSA Bodhisattva
Posted: Thu Jan 06, 2005 2:14 am Post subject: [ GLSA 200501-05 ] mit-krb5: Heap overflow in libkadm5srv
Gentoo Linux Security Advisory
Title: mit-krb5: Heap overflow in libkadm5srv (GLSA 200501-05)
Severity: high
Exploitable: remote
Date: January 05, 2005
Bug(s): #75143
ID: 200501-05
Synopsis
The MIT Kerberos 5 administration library (libkadm5srv) contains a heap
overflow that could lead to execution of arbitrary code.
Background
MIT krb5 is the free implementation of the Kerberos network
authentication protocol by the Massachusetts Institute of Technology.
Affected Packages
Package: app-crypt/mit-krb5
Vulnerable: < 1.3.6
Unaffected: >= 1.3.6
Architectures: All supported architectures
Description
The MIT Kerberos 5 administration library libkadm5srv contains a
heap overflow in the code handling password changing.
Impact
Under specific circumstances an attacker could execute arbitrary
code with the permissions of the user running mit-krb5, which could be
the root user.
Workaround
There is no known workaround at this time.
Resolution
All mit-krb5 users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.3.6"
References
CAN 2004-1189
Last edited by GLSA on Mon Feb 10, 2014 4:18 am; edited 9 times in total