Conectiva Information for VU#875073
Kerberos administration daemon vulnerable to buffer overflow
- Date Notified: 24 Oct 2002
- Statement Date:
- Date Updated: 06 Nov 2002
Status
Affected
Vendor Statement
Our MIT Kerberos 5 packages in Conectiva Linux 8 do contain the vulnerable kadmind4 daemon, but it is not used by default nor is it installed as a service.
Updated packages are being uploaded to our ftp server and should be available in a few hours at:
The krb5-server-1.2.3-3U8_3cl.i386.rpm package contains a patched kadmind4 daemon. An announcement will be sent to our security mailing list a few hours after the upload is complete.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Vendor References
None
Addendum
Please see Conectiva Linux Announcement CLSA-2002:534 (English).