Full Disclosure mailing list archives
Re: [SECURITY] [DSA 504-1] New heimdal packages fix potential buffer overflow
From: Dave Aitel <dave () immunitysec com>
Date: Tue, 18 May 2004 09:01:07 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Lead to unexpected behavior?"

That is definitely not the candor and honesty the world expects from what may be the leading Linux distribution, or any open source project. It reeks of proprietary vendor risk whitewashing. Either you don't understand the problem effectively, which is bad, or you are attempting to hide it, which is also bad.

Dave Aitel
Immunity, Inc.

debian-security-announce () lists debian org wrote:

| - --------------------------------------------------------------------------
| Debian Security Advisory DSA 504-1                     security () debian org
| http://www.debian.org/security/                             Martin Schulze
| May 18th, 2004                          http://www.debian.org/security/faq
| - --------------------------------------------------------------------------
|
| Package        : heimdal
| Vulnerability  : missing input sanitising
| Problem-Type   : remote
| Debian-specific: no
| CVE ID         : CAN-2004-0472
|
| Evgeny Demidov discovered a potential buffer overflow in a Kerberos
| 4 component of heimdal, a free implementation of Kerberos 5. The
| problem is present in kadmind, a server for administrative access
| to the Kerberos database. This problem could perhaps be exploited
| to cause the daemon to read a negative amount of data which could
| lead to unexpected behaviour.
|
| For the stable distribution (woody) this problem has been fixed in
| version 0.4e-7.woody.9.
|
| For the unstable distribution (sid) this problem has been fixed in
| version 0.6.2-1.
|
| We recommend that you upgrade your heimdal and related packages.
|

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAqgkSzOrqAtg8JS8RAl5KAJ4lzKgz5fioVyHXpsAX5f8wspLiCgCfYOW6
e9W61KETU5i22e+yhH6rqM4=
=dh0x
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
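The advisory's phrase "read a negative amount of data" names a general bug class: a wire length held in a signed integer and checked only against an upper bound. The following is an added illustration of that class and of a hardened length check; it is not heimdal or kadmind code and not part of the original messages, and the 4-byte big-endian length prefix, BUF_MAX and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_MAX 1024  /* assumed size of the receive buffer */

/* Decode a 4-byte big-endian length prefix (assumed framing). */
uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Weak check: length kept in a signed int, only the upper bound tested.
 * Returns 1 when the length would be accepted. */
int weak_accepts(int32_t len) {
    return len <= BUF_MAX;
}

/* Byte count a read()/memcpy() is handed once the signed length
 * is converted to size_t. */
size_t effective_count(int32_t len) {
    return (size_t)len;
}

/* Hardened: length stays unsigned and is bounded by both the destination
 * buffer and the bytes actually present in the message. */
int copy_payload(unsigned char *dst, size_t dst_sz,
                 const unsigned char *msg, size_t msg_len, size_t *out_len) {
    if (msg_len < 4) return -1;
    uint32_t len = be32(msg);
    if (len > dst_sz || len > msg_len - 4) return -1;
    memcpy(dst, msg + 4, len);
    *out_len = len;
    return 0;
}

int main(void) {
    /* Constructed sample: prefix 0xfffffff0 is -16 when read as int32_t. */
    const unsigned char bad[] = {0xff, 0xff, 0xff, 0xf0, 'x'};
    unsigned char buf[BUF_MAX];
    size_t n = 0;
    int32_t len = (int32_t)be32(bad);
    printf("signed len=%d weak_accepts=%d effective=%zu hardened=%d\n",
           (int)len, weak_accepts(len), effective_count(len),
           copy_payload(buf, sizeof buf, bad, sizeof bad, &n));
    return 0;
}
```

The weak check accepts -16 because it is below BUF_MAX, yet the same value becomes an enormous count after conversion to size_t; the unsigned, two-sided check rejects the message.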
Current thread:
- [SECURITY] [DSA 504-1] New heimdal packages fix potential buffer overflow debian-security-announce (May 18)
- Re: [SECURITY] [DSA 504-1] New heimdal packages fix potential buffer overflow Dave Aitel (May 18)