Heimdal: rshd privilege escalation — GLSA 200603-14

An error in the rshd daemon of Heimdal could allow authenticated users to elevate privileges.

Affected packages

app-crypt/heimdal on all architectures
Affected versions < 0.7.2
Unaffected versions >= 0.7.2

Background

Heimdal is a free implementation of Kerberos 5.

Description

An unspecified privilege escalation vulnerability in the rshd server of Heimdal has been reported.

Impact

Authenticated users could exploit the vulnerability to escalate privileges or to change the ownership and content of arbitrary files.

Workaround

There is no known workaround at this time.

Resolution

All Heimdal users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.7.2"
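To confirm which installed packages still fall below the fixed version, the following added example (not part of the original advisory) classifies Heimdal versions against the 0.7.2 threshold. The function names and the sample inventory are constructed for illustration, and versions are assumed to be dotted numbers with an optional Gentoo suffix.

```shell
#!/bin/sh
# Added example: classify Heimdal versions against the GLSA 200603-14 threshold.
# Assumes dotted numeric versions with optional Gentoo suffixes (-rN, _rcN, ...).
FIXED="0.7.2"

# is_affected VERSION -> exit 0 when VERSION < 0.7.2 (affected), 1 otherwise.
is_affected() {
    ver=$1
    ver=${ver%-r[0-9]*}      # drop the ebuild revision (-r1): same upstream code
    base=${ver%%_*}          # numeric part before any _rc/_pre/_p suffix
    suffix=${ver#"$base"}    # "" or e.g. "_rc1"
    a=$base; b=$FIXED
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}  # a missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    # Same numbers as the fixed release: pre-releases sort below it.
    case $suffix in
        _alpha*|_beta*|_pre*|_rc*) return 0 ;;
    esac
    return 1
}

# Reads "category/package-version" lines on stdin (one possible source is
# `qlist -Iv app-crypt/heimdal` from portage-utils) and prints affected ones.
report_affected() {
    while IFS= read -r atom; do
        case $atom in
            app-crypt/heimdal-*) v=${atom#app-crypt/heimdal-} ;;
            *) continue ;;
        esac
        if is_affected "$v"; then printf '%s\n' "$atom"; fi
    done
}

# Constructed sample inventory, not taken from a real host.
sample_inventory() {
    cat <<'EOF'
app-crypt/heimdal-0.6.4-r1
app-crypt/heimdal-0.7.2-r1
net-misc/example-pkg-1.0
EOF
}
```

Running `sample_inventory | report_affected` prints only the entry that still needs the upgrade.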

References

Release date
March 17, 2006

Latest revision
March 17, 2006: 01

Severity
normal

Exploitable
remote

Bugzilla entries