Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200504-28] Heimdal: Buffer overflow vulnerabilities Vulnerability Scan
Vulnerability Scan Summary: Heimdal: Buffer overflow vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200504-28
(Heimdal: Buffer overflow vulnerabilities)
Buffer overflow vulnerabilities in the slc_add_reply() and
env_opt_add() functions have been discovered by Gael Delalleau in the
telnet client in Heimdal.
Impact
Successful exploitation would require a user of the vulnerable telnet
client to connect to an attacker-controlled host, which could then
potentially execute arbitrary code with the permissions of the user
running the application.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0469
Solution:
All Heimdal users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.6.4"
Threat Level: Medium