LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

krb5: Buffer Overflow in Kerberos Administration Daemon

Package(s):krb5, heimdal CVE #(s):CAN-2002-1235
Created:October 29, 2002 Updated:January 14, 2003
Description: CERT Advisory CA-2002-29 Buffer Overflow in Kerberos Administration Daemon

Systems Affected

  • MIT Kerberos version 4 and version 5 up to and including krb5-1.2.6
  • KTH eBones prior to version 1.2.1 and KTH Heimdal prior to version 0.5.1
  • Other Kerberos implementations derived from vulnerable MIT or KTH code

Overview

Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system.

The CERT/CC has received reports that indicate that this vulnerability is being exploited. In addition, MIT advisory MITKRB5-SA-2002-002 notes that an exploit is circulating.

We strongly encourage sites that use vulnerable Kerberos distributions to verify the integrity of their systems and apply patches or upgrade as appropriate.

Alerts:
Mandrake MDKSA-2002:073-1 2003-01-13
Red Hat RHSA-2002:242-06 2002-11-06
Conectiva CLA-2002:534 2002-10-25
Debian DSA-185-1 2002-10-31
Debian DSA-184-1 2002-10-30
Sorcerer SORCERER2002-10-27 2002-10-27
Mandrake MDKSA-2002:073 2002-10-29
Debian DSA-183-1 2002-10-29
Gentoo kth-krb-20021026 2002-10-26
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds