[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 765-1] New heimdal packages fix arbitrary code execution

joey@infodrom.org (Martin Schulze) writes:

> --------------------------------------------------------------------------
> Debian Security Advisory DSA 765-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> July 22nd, 2005                        http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package        : heimdal
> Vulnerability  : buffer overflow
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CAN-2005-0469
> CERT advisory  : VU#291924
> Debian Bug     : 305574
>
> Gaël Delalleau discovered a buffer overflow in the handling of the
> LINEMODE suboptions in telnet clients.  Heimdal, a free implementation
> of Kerberos 5, also contains such a client.  This can lead to the
> execution of arbitrary code when connected to a malicious server.
>
> For the old stable distribution (woody) this problem has been fixed in
> version 0.4e-7.woody.11.
>
> For the stable distribution (sarge) this problem has been fixed in
> version 0.6.3-10.

Huh?  DSA 758 says that a buffer overflow in the telnet _server_ was
fixed in sarge by version 0.6.3-10sarge1.  I would think that either
0.6.3-10sarge1 is not affected or that 0.6.3-10sarge2 is needed.

> For the unstable distribution (sid) this problem has been fixed in
> version 0.6.3-10.

Similar story here, I'd say.

> We recommend that you upgrade your heimdal package.
>
> [snip]
-- 
Olaf Meeuwissen                          EPSON AVASYS Corporation, LAN
FSF Associate Member #1962           sign up at http://member.fsf.org/
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
Penguin's lib!       -- I hack, therefore I am --               LPIC-2
Reply to: