paul Posted December 7, 2007 Report Share Posted December 7, 2007 It was found that the gss_userok() function in Heimdal 0.7.2 did not allocate memory for the ticketfile pointer before calling free(), which could possibly allow remote attackers to have an unknown impact via an invalid username. It is uncertain whether or not this is exploitable, however packages are being provided regardless. The updated packages have been patched to correct these issues. Link to comment Share on other sites More sharing options...
Recommended Posts