drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Integer-Überlauf in Kerberos 5
Name: |
Integer-Überlauf in Kerberos 5
|
|
ID: |
|
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Sa, 3. August 2002, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
MIT Kerberos |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT --------------------------------------------------------------------
PACKAGE :krb5 SUMMARY :remote root access DATE :2002-08-02 20:39 UTC
--------------------------------------------------------------------
OVERVIEW
A integer overflow could be exploited to gain root access to a KDC host.
DETAIL
There is an integer overflow bug in the SUNRPC-derived RPC library used by the Kerberos 5 administration system that could be exploited to gain unauthorized root access to a KDC host. It is believed that the attacker needs to be able to authenticate to the kadmin daemon for this attack to be successful. No exploits are known to exist yet.
The full advisory may be found here: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-001-xdr.txt
SOLUTION
It is recommended that all Gentoo Linux users update their systems as follows.
emerge rsync emerge krb5 emerge clean
-------------------------------------------------------------------- Daniel Ahlberg aliz@gentoo.org -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9SvjQfT7nyhUpoZMRAr6QAKCMgqwCW98LFFnNeGxIrkMPGESSwwCdHQsw 3rH7Hrva63G+2ulhV6pC30M= =m36V -----END PGP SIGNATURE-----
_______________________________________________ gentoo-security mailing list gentoo-security@gentoo.org http://lists.gentoo.org/mailman/listinfo/gentoo-security
|
|
|
|