[prev in list] [next in list] [prev in thread] [next in thread]
List: gentoo-desktop
Subject: [gentoo-desktop] GLSA: krb5
From: Daniel Ahlberg <aliz () gentoo ! org>
Date: 2002-08-02 21:25:35
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------
PACKAGE :krb5
SUMMARY :remote root access
DATE :2002-08-02 20:39 UTC
- - --------------------------------------------------------------------
OVERVIEW
A integer overflow could be exploited to gain root access
to a KDC host.
DETAIL
There is an integer overflow bug in the SUNRPC-derived RPC library
used by the Kerberos 5 administration system that could be exploited
to gain unauthorized root access to a KDC host. It is believed that
the attacker needs to be able to authenticate to the kadmin daemon for
this attack to be successful. No exploits are known to exist yet.
The full advisory may be found here:
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-001-xdr.txt
SOLUTION
It is recommended that all Gentoo Linux users update their systems as
follows.
emerge rsync
emerge krb5
emerge clean
- - --------------------------------------------------------------------
Daniel Ahlberg
aliz@gentoo.org
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9SvjQfT7nyhUpoZMRAr6QAKCMgqwCW98LFFnNeGxIrkMPGESSwwCdHQsw
3rH7Hrva63G+2ulhV6pC30M=
=m36V
-----END PGP SIGNATURE-----
_______________________________________________
gentoo-desktop mailing list
gentoo-desktop@gentoo.org
http://lists.gentoo.org/mailman/listinfo/gentoo-desktop
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic