[OpenAFS] Buffer Overflow in kerberos / are we affected?

Ian Delahorne ian@assv.net
25 Oct 2002 12:51:26 +0200


Rubino Geiß <kb44@rz.uni-karlsruhe.de> writes:

> See: http://www.ciac.org/ciac/bulletins/n-009.shtml
>
> In brief:
> PROBLEM: A stack buffer overflow in the implementation of the Kerberos
> v4 compatibility administration daemon (kadmind4) in the MIT krb5
> distribution could be exploited to gain unauthorized root access to a
> KDC host.

This also affects Heimdal with krb4-support and kth-krb4, for those
that haven't noticed.
-- 
/Ian D
ian@assv.net - www.assv.net