Conectiva Information for VU#875073
Kerberos administration daemon vulnerable to buffer overflow
Our MIT Kerberos 5 packages in Conectiva Linux 8 do contain the vulnerable kadmind4 daemon, but it is not used by default nor is it installed as a service.
Updated packages are being uploaded to our FTP server and should be available in a few hours at:
The krb5-server-1.2.3-3U8_3cl.i386.rpm package contains a patched kadmind4 daemon. An announcement will be sent to our security mailing list a few hours after the upload is complete.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Conectiva Linux Announcement CLSA-2002:534 (English).