|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200501-05] mit-krb5: Heap overflow in libkadm5srv Vulnerability Scan
Vulnerability Scan Summary mit-krb5: Heap overflow in libkadm5srv
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200501-05
(mit-krb5: Heap overflow in libkadm5srv)
The MIT Kerberos 5 administration library libkadm5srv contains a
heap overflow in the code handling password changing.
Impact
Under specific circumstances a possible hacker could execute arbitary
code with the permissions of the user running mit-krb5, which could be
the root user.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1189
Solution:
All mit-krb5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.3.6"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|