GLSA Advocate
Posted: Wed Jun 29, 2005 12:03 pm Post subject: [ GLSA 200506-24 ] Heimdal: Buffer overflow vulnerabilities
Gentoo Linux Security Advisory
Title: Heimdal: Buffer overflow vulnerabilities (GLSA 200506-24)
Severity: high
Exploitable: remote
Date: June 29, 2005
Bug(s): #96727
ID: 200506-24
Synopsis
Multiple buffer overflow vulnerabilities in Heimdal's telnetd server could allow the execution of arbitrary code.
Background
Heimdal is a free implementation of Kerberos 5 that includes a telnetd server.
Affected Packages
Package: app-crypt/heimdal
Vulnerable: < 0.6.5
Unaffected: >= 0.6.5
Architectures: All supported architectures
Description
It has been reported that the "getterminaltype" function of Heimdal's telnetd server is vulnerable to buffer overflows.
Impact
An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the telnetd server program.
Workaround
There is no known workaround at this time.
Resolution
All users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.6.5"

References
CAN-2005-2040
Heimdal Advisory 2005-06-20
Last edited by GLSA on Sun May 07, 2006 4:57 pm; edited 1 time in total