• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Heimdal Kerberos Forwarding Daemon Zero Terminated String Passing Buffer Overflow Vulnerability

Heimdal Kerberos is an implementation of the Kerberos protocol distributed and maintained by the Center for Parallel Computers, KTH. It is open source, and available for Unix and Linux operating systems.

The Heimdal Kerberos Forwarding Daemon does not properly check information sent from a client to a server for the termination of strings. As this information is often passed to additional programs that may be executed with elevated privileges, it could be possible to exploit a buffer overflow in one of these programs.