GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed Feb 22, 2012 10:26 pm Post subject: [ GLSA 201202-05 ] Heimdal: Arbitrary code execution |
 |
|
Gentoo Linux Security Advisory
Title: Heimdal: Arbitrary code execution (GLSA 201202-05)
Severity: high
Exploitable: remote
Date: February 22, 2012
Bug(s): #396105
ID: 201202-05
Synopsis
A boundary error in Heimdal could result in execution of arbitrary
code.
Background
Heimdal is a free implementation of Kerberos 5.
Affected Packages
Package: app-crypt/heimdal
Vulnerable: < 1.5.1-r1
Unaffected: >= 1.5.1-r1
Architectures: All supported architectures
Description
A boundary error in the "encrypt_keyid()" function in
appl/telnet/libtelnet/encrypt.c of the telnet daemon and client could
cause a buffer overflow.
Impact
An unauthenticated remote attacker may be able to execute arbitrary code
with the privileges of the user running the telnet daemon or client, or
cause Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Heimdal users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/heimdal-1.5.1-r1"
|
References
CVE-2011-4862 |
|
News & Announcements
