Conectiva Information for VU#875073

Kerberos administration daemon vulnerable to buffer overflow



Vendor Statement

Our MIT Kerberos 5 packages in Conectiva Linux 8 do contain the vulnerable kadmind4 daemon, but it is not used by default nor is it installed as a service.

Updated packages are being uploaded to our ftp server and should be available in a few hours at:
The krb5-server-1.2.3-3U8_3cl.i386.rpm package contains a patched kadmind4 daemon. An announcement will be sent to our security mailing list a few hours after the upload is complete.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



Please see Conectiva Linux Announcement CLSA-2002:534 (English).
