Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 89861 - app-crypt/heimdal: telnet vulnerabilities (CAN-2005-0469)
Summary: app-crypt/heimdal: telnet vulnerabilities (CAN-2005-0469)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.pdc.kth.se/heimdal/advisor...
Whiteboard: B2 [glsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2005-04-20 13:22 UTC by Matthias Geerdsen (RETIRED)
Modified: 2005-04-28 08:48 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Geerdsen (RETIRED) gentoo-dev 2005-04-20 13:22:01 UTC
2005-04-20: telnet vulnerabilities

The telnet client program in Heimdal has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution.

0.6.4 fixes this problem.

The only workaround for this bug is to not use the telnet client.

See also CAN-2005-0469
Comment 1 Sune Kloppenborg Jeppesen gentoo-dev 2005-04-20 13:28:33 UTC
kerberos please bump.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-04-25 05:19:13 UTC
I pinged seemant on that one... he'll have a look.
Comment 3 Seemant Kulleen (RETIRED) gentoo-dev 2005-04-26 11:30:00 UTC
it'll be in portage in about 30 minutes, sorry for the delay, everyone.
Comment 4 Seemant Kulleen (RETIRED) gentoo-dev 2005-04-26 11:59:28 UTC
bumped to 0.6.4 in portage, and stabled on amd64.  I will also test and stable on x86, but the rest of the arch teams need to do it respectively.
Comment 5 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-04-26 13:04:19 UTC
Stable on ppc.
Comment 6 Joshua Kinard gentoo-dev 2005-04-26 22:04:53 UTC
Stable on mips.
Comment 7 Bryan Østergaard (RETIRED) gentoo-dev 2005-04-27 01:20:19 UTC
Stable on alpha + ia64.
Comment 8 Seemant Kulleen (RETIRED) gentoo-dev 2005-04-27 12:36:34 UTC
stable on x86 -- hppa and sparc still outstanding
Comment 9 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-04-27 14:36:53 UTC
Stable on hppa.
Comment 10 Gustavo Zacarias (RETIRED) gentoo-dev 2005-04-27 18:01:08 UTC
sparc stable.
Comment 11 Sune Kloppenborg Jeppesen gentoo-dev 2005-04-28 08:48:42 UTC
GLSA 200504-28