<?xml version="1.0" encoding="utf-8"?>
<glsa id="200409-19">
<title>Heimdal: ftpd root escalation</title>
Several bugs exist in the Heimdal ftp daemon which could allow a remote
attacker to gain root privileges.
<product type="ebuild">heimdal</product>
<announced>September 16, 2004</announced>
<revised>September 16, 2004: 01</revised>
<package name="app-crypt/heimdal" auto="yes" arch="*">
<unaffected range="ge">0.6.3</unaffected>
<vulnerable range="lt">0.6.3</vulnerable>
Heimdal is an implementation of Kerberos 5.
Przemyslaw Frasunek discovered several flaws in lukemftpd, which also apply
to Heimdal ftpd's out-of-band signal handling code.
Additionally, a potential vulnerability that could lead to Denial of
Service by the Key Distribution Center (KDC) has been fixed in this
<impact type="high">
A remote attacker could run arbitrary code with escalated
privileges, which can result in a total compromise of the server.
There is no known workaround at this time.
All Heimdal users should upgrade to the latest version:
<code>
# emerge sync
# emerge -pv ">=app-crypt/heimdal-0.6.3"
# emerge ">=app-crypt/heimdal-0.6.3"</code>
<uri link="">Heimdal advisory</uri>
<uri link="">Advisory by Przemyslaw Frasunek</uri>
<uri link="">CAN-2004-0794</uri>
<metadata tag="submitter" timestamp="Mon, 13 Sep 2004 14:06:46 +0000">
<metadata tag="bugReady" timestamp="Thu, 16 Sep 2004 04:33:06 +0000">