
krb5: Buffer Overflow in Kerberos Administration Daemon

Package(s): krb5, heimdal
CVE #(s): CAN-2002-1235
Created: October 29, 2002
Updated: January 14, 2003
Description: CERT Advisory CA-2002-29 Buffer Overflow in Kerberos Administration Daemon

Systems Affected

  • MIT Kerberos version 4 and version 5 up to and including krb5-1.2.6
  • KTH eBones prior to version 1.2.1 and KTH Heimdal prior to version 0.5.1
  • Other Kerberos implementations derived from vulnerable MIT or KTH code

Overview

Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system.

The CERT/CC has received reports that indicate that this vulnerability is being exploited. In addition, MIT advisory MITKRB5-SA-2002-002 notes that an exploit is circulating.

We strongly encourage sites that use vulnerable Kerberos distributions to verify the integrity of their systems and apply patches or upgrade as appropriate.

Alerts:
Mandrake MDKSA-2002:073-1 krb5 2003-01-13
Red Hat RHSA-2002:242-06 krb5 2002-11-06
Conectiva CLA-2002:534 krb5 2002-10-25
Debian DSA-185-1 heimdal 2002-10-31
Debian DSA-184-1 krb4 2002-10-30
Sorcerer SORCERER2002-10-27 krb5 2002-10-27
Mandrake MDKSA-2002:073 krb5 2002-10-29
Debian DSA-183-1 krb5 2002-10-29
Gentoo kth-krb-20021026 kth-krb 2002-10-26
