<?xml version="1.0" encoding="utf-8"?>
<glsa id="200506-24">
<title>Heimdal: Buffer overflow vulnerabilities</title>
<synopsis>
Multiple buffer overflow vulnerabilities in Heimdal's telnetd server could
allow the execution of arbitrary code.
</synopsis>
<product type="ebuild">heimdal</product>
<announced>June 29, 2005</announced>
<revised>June 29, 2005: 01</revised>
<affected>
<package name="app-crypt/heimdal" auto="yes" arch="*">
<unaffected range="ge">0.6.5</unaffected>
<vulnerable range="lt">0.6.5</vulnerable>
</package>
</affected>
<background>
<p>
Heimdal is a free implementation of Kerberos 5 that includes a
telnetd server.
</p>
</background>
<description>
<p>
It has been reported that the "getterminaltype" function of
Heimdal's telnetd server is vulnerable to buffer overflows.
</p>
</description>
<impact type="high">
<p>
An attacker could exploit this vulnerability to execute arbitrary
code with the permission of the telnetd server program.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All users should upgrade to the latest available version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-crypt/heimdal-0.6.5&quot;</code>
</resolution>
<references>
<uri link="">CAN-2005-2040</uri>
<uri link="">Heimdal Advisory 2005-06-20</uri>
</references>
</glsa>
