Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 89861

Summary: app-crypt/heimdal: telnet vulnerabilities (CAN-2005-0469)
Product: Gentoo Security Reporter: Matthias Geerdsen (RETIRED) <vorlon>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: kerberos
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://www.pdc.kth.se/heimdal/advisory/2005-04-20/
Whiteboard: B2 [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Matthias Geerdsen (RETIRED) gentoo-dev 2005-04-20 13:22:01 UTC 
2005-04-20: telnet vulnerabilities

The telnet client program in Heimdal has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution.

0.6.4 fixes this problem.

The only workaround for this bug is to not use the telnet client.

See also CAN-2005-0469
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-04-20 13:28:33 UTC 
kerberos please bump.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-04-25 05:19:13 UTC 
I pinged seemant on that one... he'll have a look.
Comment 3 Seemant Kulleen (RETIRED) gentoo-dev 2005-04-26 11:30:00 UTC 
it'll be in portage in about 30 minutes, sorry for the delay, everyone.
Comment 4 Seemant Kulleen (RETIRED) gentoo-dev 2005-04-26 11:59:28 UTC 
bumped to 0.6.4 in portage, and stabled on amd64.  I will also test and stable on x86, but the rest of the arch teams need to do it respectively.
Comment 5 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-04-26 13:04:19 UTC 
Stable on ppc.
Comment 6 Joshua Kinard gentoo-dev 2005-04-26 22:04:53 UTC 
Stable on mips.
Comment 7 Bryan Østergaard (RETIRED) gentoo-dev 2005-04-27 01:20:19 UTC 
Stable on alpha + ia64.
Comment 8 Seemant Kulleen (RETIRED) gentoo-dev 2005-04-27 12:36:34 UTC 
stable on x86 -- hppa and sparc still outstanding
Comment 9 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-04-27 14:36:53 UTC 
Stable on hppa.
Comment 10 Gustavo Zacarias (RETIRED) gentoo-dev 2005-04-27 18:01:08 UTC 
sparc stable.
Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-04-28 08:48:42 UTC 
GLSA 200504-28