drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Integer-Überlauf in Kerberos 5
| Name: |
Integer-Überlauf in Kerberos 5
|
|
| ID: |
|
|
| Distribution: |
Gentoo |
|
| Plattformen: |
Keine Angabe |
|
| Datum: |
Sa, 3. August 2002, 13:00 |
|
| Referenzen: |
Keine Angabe |
|
| Applikationen: |
MIT Kerberos |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
--------------------------------------------------------------------
PACKAGE :krb5
SUMMARY :remote root access
DATE :2002-08-02 20:39 UTC
--------------------------------------------------------------------
OVERVIEW
A integer overflow could be exploited to gain root access
to a KDC host.
DETAIL
There is an integer overflow bug in the SUNRPC-derived RPC library
used by the Kerberos 5 administration system that could be exploited
to gain unauthorized root access to a KDC host. It is believed that
the attacker needs to be able to authenticate to the kadmin daemon for
this attack to be successful. No exploits are known to exist yet.
The full advisory may be found here:
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-001-xdr.txt
SOLUTION
It is recommended that all Gentoo Linux users update their systems as
follows.
emerge rsync
emerge krb5
emerge clean
--------------------------------------------------------------------
Daniel Ahlberg
aliz@gentoo.org
--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9SvjQfT7nyhUpoZMRAr6QAKCMgqwCW98LFFnNeGxIrkMPGESSwwCdHQsw
3rH7Hrva63G+2ulhV6pC30M=
=m36V
-----END PGP SIGNATURE-----
_______________________________________________
gentoo-security mailing list
gentoo-security@gentoo.org
http://lists.gentoo.org/mailman/listinfo/gentoo-security
|
|
|
|
