-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------

PACKAGE : krb5
SUMMARY : remote root access
DATE    : 2002-08-02 20:39 UTC

- - --------------------------------------------------------------------

OVERVIEW

An integer overflow could be exploited to gain root access
to a KDC host.

DETAIL

There is an integer overflow bug in the SUNRPC-derived RPC library
used by the Kerberos 5 administration system that could be exploited
to gain unauthorized root access to a KDC host. It is believed that
the attacker needs to be able to authenticate to the kadmin daemon for
this attack to be successful. No exploits are known to exist yet.

The full advisory may be found here:
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-001-xdr.txt

SOLUTION

It is recommended that all Gentoo Linux users update their systems as
follows.

emerge rsync
emerge krb5
emerge clean

- - --------------------------------------------------------------------
Daniel Ahlberg
aliz@g.o
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9SvjQfT7nyhUpoZMRAr6QAKCMgqwCW98LFFnNeGxIrkMPGESSwwCdHQsw
3rH7Hrva63G+2ulhV6pC30M=
=m36V
-----END PGP SIGNATURE-----
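
The DETAIL section above describes an integer overflow in RPC decoding code. The following C code is an added example, not code from MIT krb5, the SUNRPC library or this advisory: it shows how an unchecked 32-bit size computation wraps and how a decoder can reject such input before allocating. It assumes the overflow is of the common kind where a peer-supplied element count is multiplied by an element size; the function names and the wire layout (4-byte big-endian count followed by the elements) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration with hypothetical names; not krb5 or SUNRPC source. */

/* Unchecked sizing: the product is reduced modulo 2^32, so a large
 * peer-supplied count can yield a tiny allocation size. */
uint32_t array_bytes_unchecked(uint32_t count, uint32_t elsize) {
    return count * elsize;
}

/* Checked sizing: reject counts above the caller's limit and any count
 * whose product with elsize does not fit in 32 bits. */
int array_bytes_checked(uint32_t count, uint32_t elsize,
                        uint32_t maxcount, uint32_t *out) {
    if (count > maxcount) return -1;
    if (elsize != 0 && count > UINT32_MAX / elsize) return -1;
    *out = count * elsize;
    return 0;
}

/* Decode a counted array: 4-byte big-endian count, then count elements
 * of elsize bytes. Returns a malloc'd copy, or NULL on malformed input. */
void *decode_array(const uint8_t *buf, size_t len, uint32_t elsize,
                   uint32_t maxcount, uint32_t *count_out) {
    uint32_t count, nbytes;
    void *p;
    if (len < 4) return NULL;
    count = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
            ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (array_bytes_checked(count, elsize, maxcount, &nbytes) != 0)
        return NULL;
    if (nbytes > len - 4) return NULL;   /* elements must be present */
    if ((p = malloc(nbytes ? nbytes : 1)) == NULL) return NULL;
    memcpy(p, buf + 4, nbytes);
    *count_out = count;
    return p;
}

int main(void) {
    /* Constructed input: count 0x40000001 followed by one 4-byte element. */
    const uint8_t msg[] = {0x40, 0x00, 0x00, 0x01, 1, 2, 3, 4};
    uint32_t n = 0;
    printf("unchecked size: %u bytes\n", (unsigned)array_bytes_unchecked(0x40000001u, 4));
    printf("decode: %s\n", decode_array(msg, sizeof msg, 4, UINT32_MAX, &n) ? "accepted" : "rejected");
    return 0;
}
```

The check against the remaining buffer length matters as much as the multiplication check: a count that does not wrap can still claim more elements than the message carries.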