
List:       bugtraq
Subject:    Re: Buffer overflow in kadmind4
From:       "Chris Barnes" <chris1 () yyhmail ! com>
Date:       2002-10-27 11:26:15

Hi!

About the KTH Heimdal remote root exploit I can say it is really serious!

About a week ago a hacker stole over 10'000 passwords from Stockholm University in
Sweden for all students and staff by trapping the stack buffer overflow in kadmind4.
You can imagine what problems this caused and what this will cost.

As we at our place have learned it is important to protect the KDC server by a
firewall to not allow the rest of the world to reach it. Since this happened a week
ago exploits for this are floating around.

Also we've heard people talking after examining the Heimdal code more carefully that
there are a few more parts in it which need to be rewritten. So if you run a KDC,
please protect it carefully! There will probably be new releases of Heimdal out in a
week or so.

Please upgrade your systems ASAP because this is a really serious problem!

--Chris