Bug#: 121839
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Stefan Cornelius (RETIRED) <dercorny@gentoo.org>

Description:   Opened: 2006-02-06 08:23 0000
The rshd server in Heimdal has a privilege escalation bug when storing
forwarded credentials. The code allows a user to overwrite a file with its
credential cache, and get ownership of the file.
0.7.2 and 0.6.6 fix this problem.
The only workaround for this bug is to disable the rshd server program.

------- Comment #1 From Stefan Cornelius (RETIRED) 2006-02-06 08:25:18 0000 -------
kerberos herd please bump, thank you.

------- Comment #2 From Stefan Cornelius (RETIRED) 2006-02-06 08:26:25 0000 -------
blah, forgot to accept my own bug ...

------- Comment #3 From Stefan Cornelius (RETIRED) 2006-02-23 07:53:55 0000 -------
guys, any progress?

------- Comment #4 From Martin Mokrejš 2006-03-09 09:15:06 0000 -------
Try the following and report back (it compiles for me fine):

cd /usr/portage/app-crypt/heimdal/
cp heimdal-0.7.1-r1.ebuild heimdal-0.7.2.ebuild
cp /usr/portage/distfiles/heimdal-0.7.1-gentoo-patches-0.1.tar.bz2 /usr/portage/distfiles/heimdal-0.7.2-gentoo-patches-0.1.tar.bz2
ebuild heimdal-0.7.2.ebuild digest
emerge -u heimdal && echo "<app-crypt/heimdal-0.7.2" >> /etc/portage/package.mask

------- Comment #5 From Emanuele Giaquinta (RETIRED) 2006-03-13 16:30:33 0000 -------
Bumped 0.7.2. Arches please test and mark stable.

------- Comment #6 From Markus Rothe 2006-03-13 17:36:06 0000 -------
bumped to stable on ppc64 (ebuild was somehow missing ~ppc64)

------- Comment #7 From Mark Loeser 2006-03-13 22:08:58 0000 -------
x86 done

------- Comment #8 From Fernando J. Pereda (RETIRED) 2006-03-14 09:46:05 0000 -------
Alpha done

------- Comment #9 From Luis Medinas (RETIRED) 2006-03-14 15:08:24 0000 -------
stable on amd64

------- Comment #10 From Jason Wever (RETIRED) 2006-03-14 17:04:43 0000 -------
Here a SPARC, there a SPARC, everywhere a SPARC SPARC

------- Comment #11 From Tobias Scherbaum 2006-03-15 22:04:27 0000 -------
ppc stable

------- Comment #12 From René Nussbaumer 2006-03-16 11:20:22 0000 -------
Stable on hppa. Forgot to remove CC.

------- Comment #13 From Stefan Cornelius (RETIRED) 2006-03-17 02:12:10 0000 -------
ready for glsa

------- Comment #14 From Stefan Cornelius (RETIRED) 2006-03-17 10:00:15 0000 -------
GLSA 200603-14

Thanks everybody, other arches don't forget to stable to benefit from the GLSA ;)

------- Comment #15 From Joshua Kinard 2006-09-03 13:36:22 0000 -------
0.7.2-r3 was marked stable on mips, thus retro-fixing this.
