Re: [SECURITY] [DSA 765-1] New heimdal packages fix arbitrary code execution

In gmane.linux.debian.devel.security, you wrote:
>> Package        : heimdal
>> Vulnerability  : buffer overflow
>> Problem-Type   : remote
>> Debian-specific: no
>> CVE ID         : CAN-2005-0469

>> Gaël Delalleau discovered a buffer overflow in the handling of the
>> LINEMODE suboptions in telnet clients.  Heimdal, a free implementation
>> of Kerberos 5, also contains such a client.  This can lead to the
>> execution of arbitrary code when connected to a malicious server.
> Huh?  DSA 758 says that a buffer overflow in the telnet _server_ was
> fixed in sarge by version 0.6.3-10sarge1.  I would think that either
> 0.6.3-10sarge1 is not affected or that 0.6.3-10sarge2 is needed.

This is the heimdal equivalent to the MIT Kerberos fix from DSA-703.
