mailing list archives
Re: Buffer overflow in kadmind4
From: "Chris Barnes" <chris1 () yyhmail com>
Date: Sun, 27 Oct 2002 19:26:15 +0800
About the KTH Heimdal remote root exploit I can say it is really serious!
About a week ago a hacker stole over 10'000 passwords from Stockholm University in Sweden for all students and staff by
trapping the stack buffer overflow in kadmind4. You can imagine what problems this caused and what this will cost.
As we at our place have learned it is important to protect the KDC server by a firewall to not allow the rest of the
world to reach it. Since this happened a week ago exploits for this are floating around.
Also we've heard people talking after examining the Heimdal code more carefully that there are a few more parts in it
which need to be rewritten. So if you run a KDC, please protect it carefully! There will probably be new releases of Heimdal out in a week or so.
Please upgrade your systems ASAP because this is a really serious problem!