FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

heimdal -- Multiple vulnerabilities

Affected packages
heimdal < 0.6.6

Details

VuXML ID b62c80c2-b81a-11da-bec5-00123ffe8333
Discovery 2006-02-06
Entry 2006-03-20

A Project heimdal Security Advisory reports:

The telnet client program in Heimdal has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution.

[source]

The telnetd server program in Heimdal has buffer overflows in the function getterminaltype, which may lead to remote code execution.

[source]

The rshd server in Heimdal has a privilege escalation bug when storing forwarded credentials. The code allowes a user to overwrite a file with its credential cache, and get ownership of the file.

[source]

References

CVE Name CVE-2005-0469
CVE Name CVE-2005-2040
CVE Name CVE-2006-0582
CVE Name CVE-2006-0677
URL http://www.pdc.kth.se/heimdal/advisory/2005-04-20
URL http://www.pdc.kth.se/heimdal/advisory/2005-06-20
URL http://www.pdc.kth.se/heimdal/advisory/2006-02-06

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.