List: bugtraq
Subject: Re: Buffer overflow in kadmind4
From: "Chris Barnes" <chris1 () yyhmail ! com>
Date: 2002-10-27 11:26:15
Hi!
About the KTH Heimdal remote root exploit I can say it is really serious!
About a week ago a hacker stole over 10'000 passwords from Stockholm University in Sweden for all students and staff by trapping the stack buffer overflow in kadmind4. You can imagine what problems this caused and what this will cost.
As we at our place have learned it is important to protect the KDC server by a firewall to not allow the rest of the world to reach it. Since this happened a week ago exploits for this are floating around.
Also we've heard people talking after examining the Heimdal code more carefully that there are a few more parts in it which need to be rewritten. So if you run a KDC, please protect it carefully! There will probably be new releases of Heimdal out in a week or so.
Please upgrade your systems ASAP because this is a really serious problem!
--Chris