lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <40AA0913.9040904@immunitysec.com>
From: dave at immunitysec.com (Dave Aitel)
Subject: [SECURITY] [DSA 504-1] New heimdal packages
 fix potential buffer overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Lead to unexpected behavior?" That is definately not the candor and
honesty the world expects from what may be the leading Linux
distribution, or any open source project. It reeks of proprietary
vendor risk whitewashing. Either you don't understand the problem
effectively, which is bad, or you are attempting to hide it, which is
also bad.

Dave Aitel
Immunity, Inc.

debian-security-announce@...ts.debian.org wrote:

|
- --------------------------------------------------------------------------
|  Debian Security Advisory DSA 504-1 security@...ian.org
| http://www.debian.org/security/                             Martin
| Schulze May 18th, 2004 http://www.debian.org/security/faq
|
- --------------------------------------------------------------------------
|
|
| Package        : heimdal Vulnerability  : missing input sanitising
| Problem-Type   : remote Debian-specific: no CVE ID         :
| CAN-2004-0472
|
| Evgeny Demidov discovered a potential buffer overflow in a Kerberos
| 4 component of heimdal, a free implementation of Kerberos 5.  The
| problem is present in kadmind, a server for administrative access
| to the Kerberos database.  This problem could perhaps be exploited
| to cause the daemon to read a negative amount of data which could
| lead to unexpected behaviour.
|
| For the stable distribution (woody) this problem has been fixed in
| version 0.4e-7.woody.9.
|
| For the unstable distribution (sid) this problem has been fixed in
| version 0.6.2-1.
|
| We recommend that you upgrade your heimdal and related packages.
|

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAqgkSzOrqAtg8JS8RAl5KAJ4lzKgz5fioVyHXpsAX5f8wspLiCgCfYOW6
e9W61KETU5i22e+yhH6rqM4=
=dh0x
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ