| Kerberos libkadm5srv Heap Overflow in Processing Password History May Let Remote Users Execute Arbitrary Code |
|---|
Category: Vulnerability Posted: 2004-12-23 by ReCall
| Details |
|---|
Description: A buffer overflow vulnerability was reported in Kerberos 5 in the libkadm5srv administration library. A remote user may be able to execute arbitrary code on an affected Key Distribution Center (KDC) host.
The vendor reported that there is a heap overflow in the password history handling code. If an administrator has performed a certain password policy change, the system may be affected.
The flaw resides in the add_to_history() function in 'src/lib/kadm5/srv/svr_principal.c', where an array index may be set to an out-of-bounds position, causing a password history to be written past the end of an array.
Michael Tautschnig is credited with reporting this flaw.
Impact: A remote user may be able to execute arbitrary code on the target KDC system in certain cases.
Solution: A patch is available at:
http://web.mit.edu/kerberos/advisories/2004-004-patch_1.3.5.txt
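
The indexing failure described for add_to_history() above, shown as an added example that is not MIT Kerberos code and not part of the original advisory: a simplified circular history buffer in C whose write index is revalidated after the array is resized. The type `history_t`, the function `history_add`, and the assumption that the policy change lowers the history limit are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical simplified model, not the MIT Kerberos data structures. */
typedef struct {
    unsigned int count;  /* slots currently allocated */
    unsigned int next;   /* slot the next entry will be written to */
    int *slots;          /* stand-in for stored old-key entries */
} history_t;

/* Store one entry, resizing to the current policy limit first.
 * Returns 0 on success, -1 on bad input or allocation failure. */
int history_add(history_t *h, unsigned int policy_limit, int entry)
{
    if (h == NULL || policy_limit == 0)
        return -1;
    if (h->count != policy_limit) {
        int *tmp = realloc(h->slots, policy_limit * sizeof(*tmp));
        if (tmp == NULL)
            return -1;
        if (policy_limit > h->count)  /* zero the newly added slots */
            memset(tmp + h->count, 0, (policy_limit - h->count) * sizeof(*tmp));
        h->slots = tmp;
        h->count = policy_limit;
    }
    /* An index saved before a shrink can point past the new end of
     * the array; revalidate it before every write. */
    if (h->next >= h->count)
        h->next = 0;
    h->slots[h->next] = entry;
    h->next = (h->next + 1) % h->count;
    return 0;
}

int main(void)
{
    history_t h = {0, 0, NULL};
    for (int i = 1; i <= 4; i++)
        history_add(&h, 5, i);      /* limit 5: index advances to 4 */
    history_add(&h, 2, 99);         /* limit lowered to 2: index is reset */
    printf("count=%u next=%u slot0=%d\n", h.count, h.next, h.slots[0]);
    free(h.slots);
    return 0;
}
```

Without the `h->next >= h->count` check, the write after the limit is lowered would land at slot 4 of a two-slot heap allocation.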