[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remote vulnerability in kadmind



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Thursday, October 24, 2002 20:18:05 +0100 Dave Love <d.love@dl.ac.uk>
wrote:

> Is the vulnerability also in 0.4e, i.e. my Debian systems?
> Alternatively, which is the relevant change from the 0.5-0.5.1 diffs?

- From the advisory:


"All versions of the kadmind daemon are vulnerable to a remote root
exploit,  
 if compiled with support for the Kerberos 4 kadmin protocol. Heimdal 0.5.1

 should fix this problem. 

 If you are running a version older than 0.5.1 AND have Kerberos 4 support
 enabled in kadmind you should disable it until you have time to upgrade."

So, if your 0.4 installs are built in v4 compatibility mode, yes, then they
are vulnerable. I'd upgrade anyway. Sensitive box, that KDC.. 
- -- 
Måns Nilsson            Systems Specialist
+46 70 681 7204         KTHNOC  MN1334-RIPE

We're sysadmins. To us, data is a protocol-overhead.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)

iD8DBQE9uHlX02/pMZDM1cURAjHsAKCMUYi/vG2BzcAM/ZRrqKeB97NCUACfWa49
8hd9pL82ifCNfYLtf+qKm/k=
=pD9n
-----END PGP SIGNATURE-----