Heimdal: Buffer overflow vulnerabilities — GLSA 200506-24

Multiple buffer overflow vulnerabilities in Heimdal's telnetd server could allow the execution of arbitrary code.

Affected Packages

app-crypt/heimdal on all architectures
Affected versions < 0.6.5
Unaffected versions >= 0.6.5

Background

Heimdal is a free implementation of Kerberos 5 that includes a telnetd server.

Description

It has been reported that the "getterminaltype" function of Heimdal's telnetd server is vulnerable to buffer overflows.

Impact

An attacker could exploit this vulnerability to execute arbitrary code with the permission of the telnetd server program.

Workaround

There is no known workaround at this time.

Resolution

All users should upgrade to the latest available version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.6.5"

References

Release Date
June 29, 2005

Latest Revision
June 29, 2005: 01

Severity
high

Exploitable
remote

Bugzilla entries