Conectiva Information for VU#875073

Kerberos administration daemon vulnerable to buffer overflow

Status

Affected

Vendor Statement

Our MIT Kerberos 5 packages in Conectiva Linux 8 do contain the vulnerable kadmind4 daemon, but it is not used by default nor is it installed as a service.

Updated packages are being uploaded to our ftp server and should be available in a few hours at:

The krb5-server-1.2.3-3U8_3cl.i386.rpm package contains a patched kadmind4 daemon. An announcement will be sent to our security mailing list a few hours after the upload is complete.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Please see Conectiva Linux Announcement CLSA-2002:534 (English).
