[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Remote vulnerability in kadmind
Måns Nilsson <firstname.lastname@example.org> writes:
> From the advisory:
Where should I have seen that? I've seen a recent MIT advisory on
bugtraq, which may or may not be about the same thing, but not one for
Heimdal. I now realize it's on the web site, but that's not explicit
about how `you should disable [Kerberos 4 support]'.
I think it would be useful if announcements were copied to
heimdal-discuss, which is what I'd expect.
> So, if your 0.4 installs are built in v4 compatibility mode, yes, then they
> are vulnerable.
The web site implies I can fix the configuration without rebuilding --
is that false?
> I'd upgrade anyway. Sensitive box, that KDC..
That's why I'm asking, but it's not that easy to upgrade.