Security Advisories (MDKSA-2004:056-1): krb5



Mandrakesoft Security Advisories MDKSA-2004:056-1 : krb5

 

Updated krb5 packages fix buffer overflow vulnerabilities

June 9th, 2004

 

Multiple buffer overflows exist in the krb5_aname_to_localname() library function that, if exploited, could lead to unauthorized root privileges. In order to exploit this flaw, an attacker must first successfully authenticate to a vulnerable service, which must be configured to enable the explicit mapping or rules-based mapping functionality of krb5_aname_to_localname, which is not a default configuration.

 

Mandrakesoft encourages all users to upgrade to these patched krb5 packages.

 

Update:

 

The original patch provided contained a bug where rule-based entries on systems without HAVE_REGCOMP would not work. These updated packages provide the second patch provided by the Kerberos development team, which fixes that behaviour.

 

 

The released versions of Mandrake GNU/Linux affected are:

  • 9.1
  • 9.2
  • 10.0
  • MNF8.2
  • CS2.1

Full information about this advisory, including the updated packages, is available at:

www.mandrakesoft.com/security/advisories?name=MDKSA-2004:056-1

 

Other references:

http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0523

http://web.mit.edu/kerberos/advisories/MIT...01-an_to_ln.txt

 

Posted automatically by aru (mdksec2mub v0.0.9)
