Re: [SECURITY] [DSA 765-1] New heimdal packages fix arbitrary code execution
In gmane.linux.debian.devel.security, you wrote:
>> Package : heimdal
>> Vulnerability : buffer overflow
>> Problem-Type : remote
>> Debian-specific: no
>> CVE ID : CAN-2005-0469
>> Gaël Delalleau discovered a buffer overflow in the handling of the
>> LINEMODE suboptions in telnet clients. Heimdal, a free implementation
>> of Kerberos 5, also contains such a client. This can lead to the
>> execution of arbitrary code when connected to a malicious server.
> Huh? DSA 758 says that a buffer overflow in the telnet _server_ was
> fixed in sarge by version 0.6.3-10sarge1. I would think that either
> 0.6.3-10sarge1 is not affected or that 0.6.3-10sarge2 is needed.
This is the heimdal equivalent to the MIT Kerberos fix from DSA-703.