1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200409-19 / heimdal |
| Release Date | September 16, 2004 |
| Latest Revision | September 16, 2004: 01 |
| Impact | high |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| app-crypt/heimdal | < 0.6.3 | >= 0.6.3 | All supported architectures |
Related bugreports: #61412
Several bugs exist in the Heimdal ftp daemon which could allow a remote attacker to gain root privileges.
Heimdal is an implementation of Kerberos 5.
Przemyslaw Frasunek discovered several flaws in lukemftpd, which also apply to Heimdal ftpd's out-of-band signal handling code.
Additionally, a potential vulnerability that could lead to Denial of Service by the Key Distribution Center (KDC) has been fixed in this version.
A remote attacker could be able to run arbitrary code with escalated privileges, which can result in a total compromise of the server.
There is no known workaround at this time.
All Heimdal users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge sync # emerge -pv ">=app-crypt/heimdal-0.6.3" # emerge ">=app-crypt/heimdal-0.6.3" |