Heimdal Kerberos转发守护程序文件覆盖漏洞

漏洞信息详情

Heimdal Kerberos转发守护程序文件覆盖漏洞

• CNNVD编号：CNNVD-200210-290
• 危害等级： 超危
  
  
• CVE编号：
  CVE-2002-1225
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2002-10-28
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  kth
• 漏洞来源：
  Vulnerability anno…

Heimdal 0.5之前版本可能在(1)kadmind以及(2)kdc服务器中都存在多个缓冲区溢出漏洞。远程攻击者可能获得根使用权。

NetBSD has released an advisory addressing this issue. All versions of NetBSD, including NetBSD-current source prior to September 10, 2002, contain the vulnerable binary, though the service is not enabled by default. NetBSD has fixed this version vulnerability in the 1.5 version of the source, and the 1.6 branch fix is pending. NetBSD Security has advised users of 1.6 to manually remove the vulnerable binaries after completing a “make build.”
Users of Gentoo Linux are advised to upgrade using the following commands:
emerge rsync
emerge heimdal
emerge clean
Updated versions available:
KTH Heimdal 0.3 e

• SuSE heimdal-0.3e-83.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec2/heimdal-0.3e-83.i386.
  rpm
• SuSE heimdal-0.3e-83.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/heimdal-0.3e-83.src.rp
  m
• SuSE heimdal-devel-0.3e-83.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec2/heimdal-devel-0.3e-83
  .i386.rpm
• SuSE heimdal-lib-0.3e-83.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec1/heimdal-lib-0.3e-83.i
  386.rpm

KTH Heimdal 0.4 d

• KTH heimdal-0.5.tar.gz
  ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.5.tar.gz
• SuSE heimdal-0.4d-113.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec2/heimdal-0.4d-113.ppc.r
  pm
• SuSE heimdal-0.4d-113.src.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/heimdal-0.4d-113.src.rp
  m
• SuSE heimdal-0.4d-132.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/heimdal-0.4d-132.src.r
  pm
• SuSE heimdal-0.4d-67.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec2/heimdal-0.4d-67.spar
  c.rpm
• SuSE heimdal-0.4d-67.src.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/heimdal-0.4d-67.src.r
  pm
• SuSE heimdal-devel-0.4d-113.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec2/heimdal-devel-0.4d-113
  .ppc.rpm
• SuSE heimdal-devel-0.4d-132.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec2/heimdal-devel-0.4d-13
  2.i386.rpm
• SuSE heimdal-devel-0.4d-67.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec2/heimdal-devel-0.4d-6
  7.sparc.rpm
• SuSE heimdal-lib-0.4d-113.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec1/heimdal-lib-0.4d-113.p
  pc.rpm
• SuSE heimdal-lib-0.4d-67.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec1/heimdal-lib-0.4d-67.
  sparc.rpm

KTH Heimdal 0.4 b

• KTH heimdal-0.5.tar.gz
  ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.5.tar.gz

KTH Heimdal 0.4 c

• KTH heimdal-0.5.tar.gz
  ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.5.tar.gz

KTH Heimdal 0.4 e

• KTH heimdal-0.5.tar.gz
  ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.5.tar.gz
• SuSE heimdal-0.4e-191.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec3/heimdal-0.4e-191.i386
  .rpm
• SuSE heimdal-0.4e-191.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/heimdal-0.4e-191.src.r
  pm
• SuSE heimdal-devel-0.4e-191.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/d4/heimdal-devel-0.4e-191.
  i386.rpm
• SuSE heimdal-lib-0.4e-191.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec1/heimdal-lib-0.4e-191.
  i386.rpm

KTH Heimdal 0.4 a

• KTH heimdal-0.5.tar.gz
  ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.5.tar.gz

来源: BID
名称: 5729
链接:http://www.securityfocus.com/bid/5729

来源: DEBIAN
名称: DSA-178
链接:http://www.debian.org/security/2002/dsa-178

来源: SUSE
名称: SuSE-SA:2002:034
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103341355708817&w=2

来源: XF
名称: heimdal-kf-kfd-bo(10116)
链接:http://www.iss.net/security_center/static/10116.php

来源: BUGTRAQ
名称: 20021014 GLSA: heimdal
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103462479621246&w=2