CERT Advisory CA-2002-29 - Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges.
ade1559565293ec2b2c9c928b2296eda39bf2a45e36ead198be63f16931f4850
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CORRECTION: CERT Advisory CA-2002-29 Buffer Overflow in Kerberos
Administration Daemon
October 28, 2002
The initial version of CERT Advisory CA-2002-29, sent on 2002-10-25,
contained incorrect references to Debian and SuSE security advisories.
This error has been corrected on our web site.
Debian Security Advisory DSA-178 and SuSE Security Advisory SuSE-
SA:2002:034 DO NOT address the vulnerability described in CA-2002-29
and VU#875073.
Debian has confirmed that they are affected and are working on
patches. Updated information about Debian will be posted as soon as
it is available.
As noted in their statement, SuSE includes Heimdal Kerberos with
Kerberos 4 support disabled.
For the most current information, including which systems are affected
and vendor statements, please see the following documents:
CERT Advisory CA-2002-29
http://www.cert.org/advisories/CA-2002-29.html
Vulnerability Note VU#875073
http://www.kb.cert.org/vuls/id/875073#systems
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iQCVAwUBPb3G82jtSoHZUTs5AQJnQAP+LH+idodpXbjiym6Iaos8qprvSazwdccW
9QafaE4aU8kl9ns2UPpZ3c8HC/EG79zaedRx6QN/YM27TcRE+gnSlzu/xljZBpjs
iEnmW5m3AltGgp30c/Wr1R3B7BoU+0fWU1ofT5a6cGBoLQJVnjMPakHHc3X8CIy2
6C7vW3tmfB0=
=+i4N
-----END PGP SIGNATURE-----