Re: Remote vulnerability in kadmind
--On Thursday, October 24, 2002 20:18:05 +0100 Dave Love <firstname.lastname@example.org>
> Is the vulnerability also in 0.4e, i.e. my Debian systems?
> Alternatively, which is the relevant change from the 0.5-0.5.1 diffs?
From the advisory:
"All versions of the kadmind daemon are vulnerable to a remote root
if compiled with support for the Kerberos 4 kadmin protocol. Heimdal 0.5.1
should fix this problem.
If you are running a version older than 0.5.1 AND have Kerberos 4 support
enabled in kadmind you should disable it until you have time to upgrade."
So, if your 0.4 installs are built in v4 compatibility mode, yes, then they
are vulnerable. I'd upgrade anyway. Sensitive box, that KDC..
Måns Nilsson Systems Specialist
+46 70 681 7204 KTHNOC MN1334-RIPE
We're sysadmins. To us, data is a protocol-overhead.