heimdal -- missing input sanitising

2004-05-18T00:00:00
ID DSA-504
Type debian
Reporter Debian
Modified 2004-05-18T00:00:00

Description

Evgeny Demidov discovered a potential buffer overflow in a Kerberos 4 component of heimdal, a free implementation of Kerberos 5. The problem is present in kadmind, a server for administrative access to the Kerberos database. This problem could perhaps be exploited to cause the daemon to read a negative amount of data which could lead to unexpected behaviour.

For the stable distribution (woody) this problem has been fixed in version 0.4e-7.woody.9.

For the unstable distribution (sid) this problem has been fixed in version 0.6.2-1.

We recommend that you upgrade your heimdal and related packages.