Gentoo Archives: gentoo-ppc-dev

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-security@g.o
Cc: gentoo-user@g.o, gentoo-dev@g.o, gentoo-desktop@g.o, gentooppc-user@g.o, gentooppc-dev@g.o, gentoo-sparc@g.o
Subject: [gentooppc-dev] GLSA: krb5
Date: Fri, 02 Aug 2002 16:25:49
Message-Id: 200208022325.38110.aliz@gentoo.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------

PACKAGE        :krb5
SUMMARY        :remote root access
DATE           :2002-08-02 20:39 UTC

- - --------------------------------------------------------------------

OVERVIEW

A integer overflow could be exploited to gain root access
to a KDC host.

DETAIL

There is an integer overflow bug in the SUNRPC-derived RPC library
used by the Kerberos 5 administration system that could be exploited
to gain unauthorized root access to a KDC host.  It is believed that
the attacker needs to be able to authenticate to the kadmin daemon for
this attack to be successful.  No exploits are known to exist yet.

The full advisory may be found here:
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-001-xdr.txt

SOLUTION

It is recommended that all Gentoo Linux users update their systems as
follows.

emerge rsync
emerge krb5
emerge clean

- - --------------------------------------------------------------------
Daniel Ahlberg
aliz@g.o
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9SvjQfT7nyhUpoZMRAr6QAKCMgqwCW98LFFnNeGxIrkMPGESSwwCdHQsw
3rH7Hrva63G+2ulhV6pC30M=
=m36V
-----END PGP SIGNATURE-----