Re: [SECURITY] [DSA 765-1] New heimdal packages fix arbitrary code execution

To: Olaf Meeuwissen <olaf.meeuwissen@avasys.jp>
Cc: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 765-1] New heimdal packages fix arbitrary code execution
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 27 Jul 2005 12:12:16 +0200
Message-id: <[🔎] 20050727101216.GA5580@informatik.uni-bremen.de>
In-reply-to: <[🔎] 87ek9k4rf7.fsf@zen.epkowa.co.jp>
References: <m1DxfJQ-000pQ3C@finlandia.Infodrom.North.DE> <[🔎] 87ek9k4rf7.fsf@zen.epkowa.co.jp>

In gmane.linux.debian.devel.security, you wrote:
>> Package        : heimdal
>> Vulnerability  : buffer overflow
>> Problem-Type   : remote
>> Debian-specific: no
>> CVE ID         : CAN-2005-0469

>> Gaël Delalleau discovered a buffer overflow in the handling of the
>> LINEMODE suboptions in telnet clients.  Heimdal, a free implementation
>> of Kerberos 5, also contains such a client.  This can lead to the
>> execution of arbitrary code when connected to a malicious server.
>
> Huh?  DSA 758 says that a buffer overflow in the telnet _server_ was
> fixed in sarge by version 0.6.3-10sarge1.  I would think that either
> 0.6.3-10sarge1 is not affected or that 0.6.3-10sarge2 is needed.

This is the heimdal equivalent to the MIT Kerberos fix from DSA-703.

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 765-1] New heimdal packages fix arbitrary code execution
  - From: Olaf Meeuwissen <olaf.meeuwissen@avasys.jp>

References:
- Re: [SECURITY] [DSA 765-1] New heimdal packages fix arbitrary code execution
  - From: Olaf Meeuwissen <olaf.meeuwissen@avasys.jp>

Prev by Date: IPsec from native KAME in 2.6 kernel to FreeS/WAN on 2.4
Next by Date: Re: Please announce current lack of security support
Previous by thread: Re: [SECURITY] [DSA 765-1] New heimdal packages fix arbitrary code execution
Next by thread: Re: [SECURITY] [DSA 765-1] New heimdal packages fix arbitrary code execution
Index(es):
- Date
- Thread