1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200506-24 / heimdal |
| Release Date | June 29, 2005 |
| Latest Revision | June 29, 2005: 01 |
| Impact | high |
| Exploitable | remote |

| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
|---|---|---|---|
| app-crypt/heimdal | < 0.6.5 | >= 0.6.5 | All supported architectures |

Related bugreports: #96727
Multiple buffer overflow vulnerabilities in Heimdal's telnetd server could allow the execution of arbitrary code.
Heimdal is a free implementation of Kerberos 5 that includes a telnetd server.
It has been reported that the "getterminaltype" function of Heimdal's telnetd server is vulnerable to buffer overflows.
An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the telnetd server program.
There is no known workaround at this time.
All users should upgrade to the latest available version:
Code Listing 3.1: Resolution

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.6.5"
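
To find which machines still need the upgrade above, the affected range from the version table (app-crypt/heimdal < 0.6.5) can be checked against a package inventory. The script below is an added example, not part of the Gentoo advisory or of Heimdal; the "host category/package-version" inventory format, the host names and the function names are assumptions made for illustration.

```shell
#!/bin/sh
FIXED="0.6.5"   # first unaffected version, from the advisory's version table

# ver_lt A B: succeed if dotted-numeric version A sorts before B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# heimdal_vulnerable PV: 0 = in the affected range, 1 = not, 2 = unparsable.
heimdal_vulnerable() {
    pv=${1%-r[0-9]*}    # drop the Gentoo revision (-r1): same upstream code
    base=${pv%%_*}      # numeric part before any _rc/_pre/_p suffix
    case $base in ''|*[!0-9.]*) return 2 ;; esac
    ver_lt "$base" "$FIXED" && return 0
    # A pre-release of the fixed version sorts below it, so treat it as affected.
    if [ "$base" = "$FIXED" ]; then
        case $pv in *_alpha*|*_beta*|*_pre*|*_rc*) return 0 ;; esac
    fi
    return 1
}

# audit_inventory: read "host category/package-version" lines on stdin and
# report hosts whose heimdal is affected or whose version cannot be parsed.
audit_inventory() {
    while read -r host atom; do
        case $atom in app-crypt/heimdal-*) ;; *) continue ;; esac
        rc=0
        heimdal_vulnerable "${atom#app-crypt/heimdal-}" || rc=$?
        case $rc in
            0) echo "$host VULNERABLE $atom" ;;
            2) echo "$host UNKNOWN $atom" ;;
        esac
    done
}

# Constructed sample inventory (hypothetical hosts, not real data).
sample_inventory() {
    printf '%s\n' "kdc1 app-crypt/heimdal-0.6.4" "kdc2 app-crypt/heimdal-0.6.4-r1" \
        "shell1 app-crypt/heimdal-0.6.5" "shell2 app-crypt/heimdal-0.7" \
        "lab1 app-crypt/heimdal-0.6.5_rc1" "web1 net-misc/openssh-4.1_p1"
}

sample_inventory | audit_inventory
```

Unparsable versions are reported as UNKNOWN rather than silently passed, so they can be reviewed by hand.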