Joined: 12 May 2004
|Posted: Wed Jun 29, 2005 12:03 pm Post subject: [ GLSA 200506-24 ] Heimdal: Buffer overflow vulnerabilities
|Gentoo Linux Security Advisory
Title: Heimdal: Buffer overflow vulnerabilities (GLSA 200506-24)
Date: June 29, 2005
Multiple buffer overflow vulnerabilities in Heimdal's telnetd server could allow the execution of arbitrary code.
Heimdal is a free implementation of Kerberos 5 that includes a telnetd server.
Vulnerable: < 0.6.5
Unaffected: >= 0.6.5
Architectures: All supported architectures
It has been reported that the "getterminaltype" function of Heimdal's telnetd server is vulnerable to buffer overflows.
An attacker could exploit this vulnerability to execute arbitrary code with the permission of the telnetd server program.
There is no known workaround at this time.
All users should upgrade to the latest available version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.6.5"
Heimdal Advisory 2005-06-20
Last edited by GLSA on Sun May 07, 2006 4:57 pm; edited 1 time in total