
Heimdal K5AdminD Remote Heap Buffer Overflow

It has been reported that a remote heap overflow vulnerability exists in the k5admind daemon. The issue is due to an input validation error: the daemon fails to validate the length given in the framing of Kerberos 4 network communication packets.

It has been reported that this issue only affects versions of the daemon that include Kerberos 4 support; if the daemon does not include this compatibility, it is not vulnerable.

The immediate consequence of an attack is a denial of service condition in the affected server. It might also be possible for this issue to facilitate remote code execution with the privileges of the affected daemon.
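The length check whose absence is described above, shown as an added example that is not Heimdal's code: a frame parser that validates the wire-supplied length against both the destination buffer and the bytes actually received before copying. The 4-byte big-endian length prefix and all names here are assumptions for illustration; the advisory does not give the real framing format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_HDR_LEN 4u /* assumed framing: 4-byte big-endian length prefix */

enum frame_status { FRAME_OK, FRAME_TRUNCATED, FRAME_TOO_LARGE };

/* Copy one frame's payload from buf[0..avail) into dst[0..dst_cap).
 * The length field comes from the peer, so it is checked against both
 * the destination capacity and the bytes actually received before memcpy. */
enum frame_status frame_parse(const uint8_t *buf, size_t avail,
                              uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    *out_len = 0;
    if (avail < FRAME_HDR_LEN)
        return FRAME_TRUNCATED;            /* header itself incomplete */

    uint32_t claimed = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                       ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];

    if (claimed > dst_cap)
        return FRAME_TOO_LARGE;            /* copy would write past dst */
    if (claimed > avail - FRAME_HDR_LEN)   /* subtraction form cannot wrap */
        return FRAME_TRUNCATED;            /* copy would read past buf */

    memcpy(dst, buf + FRAME_HDR_LEN, claimed);
    *out_len = claimed;
    return FRAME_OK;
}

int main(void)
{
    /* Constructed sample frames, not captured traffic. */
    const uint8_t good[]      = {0, 0, 0, 3, 'a', 'b', 'c'};
    const uint8_t oversized[] = {0xff, 0xff, 0xff, 0xff, 'a'};
    uint8_t dst[8];
    size_t n;

    printf("good=%d oversized=%d\n",
           frame_parse(good, sizeof good, dst, sizeof dst, &n),
           frame_parse(oversized, sizeof oversized, dst, sizeof dst, &n));
    return 0;
}
```

A server using a parser like this should drop the connection on any status other than `FRAME_OK` rather than attempt to resynchronise the stream.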

Copyright 2009, SecurityFocus