Security
Security
Multiple buffer overflow vulnerabilities in Heimdal's telnetd server could allow the execution of arbitrary code.
| Package | app-crypt/heimdal on all architectures |
|---|---|
| Affected versions | < 0.6.5 |
| Unaffected versions | >= 0.6.5 |
Heimdal is a free implementation of Kerberos 5 that includes a telnetd server.
It has been reported that the "getterminaltype" function of Heimdal's telnetd server is vulnerable to buffer overflows.
An attacker could exploit this vulnerability to execute arbitrary code with the permission of the telnetd server program.
There is no known workaround at this time.
All users should upgrade to the latest available version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.6.5"
Release date
June 29, 2005
Latest revision
June 29, 2005: 01
Severity
high
Exploitable
remote
Bugzilla entries