heimdal -- Multiple vulnerabilities

2006-02-06T00:00:00
ID B62C80C2-B81A-11DA-BEC5-00123FFE8333
Type freebsd
Reporter FreeBSD
Modified 2006-02-06T00:00:00

Description

A Project heimdal Security Advisory reports:

The telnet client program in Heimdal has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution.

The telnetd server program in Heimdal has buffer overflows in the function getterminaltype, which may lead to remote code execution.

The rshd server in Heimdal has a privilege escalation bug when storing forwarded credentials. The code allows a user to overwrite a file with its credential cache, and get ownership of the file.