Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 121839 - app-crypt/heimdal: rshd privilege escalation vulnerability
Summary: app-crypt/heimdal: rshd privilege escalation vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.pdc.kth.se/heimdal/advisor...
Whiteboard: B2 [glsa] DerCorny
Keywords:
Depends on:
Blocks:
 
Reported: 2006-02-06 08:23 UTC by Stefan Cornelius (RETIRED)
Modified: 2006-11-11 19:54 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Cornelius (RETIRED) gentoo-dev 2006-02-06 08:23:28 UTC 
The rshd server in Heimdal has a privilege escalation bug when storing forwarded credentials. The code allowes a user to overwrite a file with its credential cache, and get ownership of the file. 
 0.7.2 and 0.6.6 fixes this problem. 
 The only workaround for this bug is to disable the rshd server program.
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-06 08:25:18 UTC 
kerberos herd please bump, thank you.
Comment 2 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-06 08:26:25 UTC 
blah, forget to accept my own bug ...
Comment 3 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-23 07:53:55 UTC 
guys, any progress?
Comment 4 Martin Mokrejš 2006-03-09 09:15:06 UTC 
Try the following and report back (it compiles for me fine):

cd /usr/portage/app-crypt/heimdal/
cp heimdal-0.7.1-r1.ebuild heimdal-0.7.2.ebuild
cp /usr/portage/distfiles/heimdal-0.7.1-gentoo-patches-0.1.tar.bz2
/usr/portage/distfiles/heimdal-0.7.2-gentoo-patches-0.1.tar.bz2
ebuild heimdal-0.7.2.ebuild digest
emerge -u heimdal && echo "<app-crypt/heimdal-0.7.2" >>
/etc/portage/package.mask
Comment 5 Emanuele Giaquinta (RETIRED) gentoo-dev 2006-03-13 16:30:33 UTC 
Bumped 0.7.2. Arches please test and mark stable.
Comment 6 Markus Rothe (RETIRED) gentoo-dev 2006-03-13 17:36:06 UTC 
bumped to stable on ppc64 (ebuild was somehow missing ~ppc64)
Comment 7 Mark Loeser (RETIRED) gentoo-dev 2006-03-13 22:08:58 UTC 
x86 done
Comment 8 Fernando J. Pereda (RETIRED) gentoo-dev 2006-03-14 09:46:05 UTC 
Alpha done
Comment 9 Luis Medinas (RETIRED) gentoo-dev 2006-03-14 15:08:24 UTC 
stable on amd64
Comment 10 Jason Wever (RETIRED) gentoo-dev 2006-03-14 17:04:43 UTC 
Here a SPARC, there a SPARC, everywhere a SPARC SPARC
Comment 11 Tobias Scherbaum (RETIRED) gentoo-dev 2006-03-15 22:04:27 UTC 
ppc stable
Comment 12 René Nussbaumer (RETIRED) gentoo-dev 2006-03-16 11:20:22 UTC 
Stable on hppa. Forgot to remove CC.
Comment 13 Stefan Cornelius (RETIRED) gentoo-dev 2006-03-17 02:12:10 UTC 
ready for glsa
Comment 14 Stefan Cornelius (RETIRED) gentoo-dev 2006-03-17 10:00:15 UTC 
GLSA 200603-14

Thanks everybody, other arches dont forget to stable to benefit from the GLSA ;)
Comment 15 Joshua Kinard gentoo-dev 2006-09-03 13:36:22 UTC 
0.7.2-r3 was marked stable on mips, thus retro-fixing this.