GLSA
Bodhisattva
Joined: 13 Jun 2003
Posts: 4087
Location: Dresden, Germany
|
 Posted: Thu Sep 16, 2004 9:46 am Post subject: [ GLSA 200409-19 ] Heimdal: ftpd root escalation |
 |
|
Gentoo Linux Security Advisory
Title: Heimdal: ftpd root escalation (GLSA 200409-19)
Severity: high
Exploitable: remote
Date: September 16, 2004
Bug(s): #61412
ID: 200409-19
Synopsis
Several bugs exist in the Heimdal ftp daemon which could allow a remote attacker to gain root privileges.
Background
Heimdal is an implementation of Kerberos 5.
Affected Packages
Package: app-crypt/heimdal
Vulnerable: < 0.6.3
Unaffected: >= 0.6.3
Architectures: All supported architectures
Description
Przemyslaw Frasunek discovered several flaws in lukemftpd, which also apply to Heimdal ftpd's out-of-band signal handling code. Additionally, a potential vulnerability that could lead to Denial of Service by the Key Distribution Center (KDC) has been fixed in this version.
Impact
A remote attacker could be able to run arbitrary code with escalated privileges, which can result in a total compromise of the server.
Workaround
There is no known workaround at this time.
Resolution
All Heimdal users should upgrade to the latest version: | Code: | # emerge sync
# emerge -pv ">=app-crypt/heimdal-0.6.3"
# emerge ">=app-crypt/heimdal-0.6.3" |
References
Heimdal advisory
Advisory by Przemyslaw Frasunek
CAN-2004-0794
Last edited by GLSA on Sun May 07, 2006 4:52 pm; edited 1 time in total |
|
News & Announcements
