* VU#356961 - MIT Kerberos RPC library gssrpc__svcauth_gssapi() uninitialized pointer free vulnerability
A vulnerability in the MIT Kerberos administration daemon (kadmind) may allow an uninitialized pointer to be freed, which may allow a remote, unauthenticated user to execute arbitrary code. This vulnerability can be triggered by sending a specially crafted Kerberos message to a vulnerable system.
* VU#365313 - MIT Kerberos kadmind RPC library gssrpc__svcauth_unix() integer conversion error
An integer conversion error vulnerability exists in the MIT Kerberos kadmind that may allow a remote, unauthenticated user to execute arbitrary code.
* VU#554257 - MIT Kerberos kadmind principal renaming stack buffer overflow
A stack buffer overflow exists in the way the MIT Kerberos kadmind handles the principal renaming operation, which may allow a remote, authenticated user to execute arbitrary code.
Reproducible: Didn't try
May also be related to:
CVE-2007-2442 krb5 RPC library uninitialized pointer free,
CVE-2007-2443 krb5 RPC library stack overflow, and
CVE-2007-2798 krb5 kadmind buffer overflow,
which are still under review.
Kerberos, please provide the updated ebuild.
mit-krb5-1.5.2-r3 and mit-krb5-1.5.3 both solve this bug.
Please stable both, if possible.
Sorry for calling arches SO late, I've been out of the loop for a few weeks.
Arches, please test and mark stable mit-krb5-1.5.2-r3 or mit-krb5-1.5.3. Target keywords are:
"alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86"
Both stable for HPPA.
=app-crypt/mit-krb5-1.5.3 stable on ppc64
GLSA 200707-11, thanks to everybody!