Heimdal Kerberos Forwarding Daemon Zero Terminated String Passing Buffer Overflow Vulnerability
Solution:
NetBSD has released an advisory addressing this issue. All versions of NetBSD, including NetBSD-current source prior to September 10, 2002, contain the vulnerable binary, though the service is not enabled by default. NetBSD has fixed this vulnerability in the 1.5 version of the source, and the 1.6 branch fix is pending. NetBSD Security has advised users of 1.6 to manually remove the vulnerable binaries after completing a "make build".
Users of Gentoo Linux are advised to upgrade using the following commands:
emerge rsync
emerge heimdal
emerge clean
Updated versions available:
KTH Heimdal 0.3 e
KTH Heimdal 0.4 d
Keware Technologies HomeSeer 0.4 e
KTH Heimdal 0.4 b
KTH Heimdal 0.4 c
KTH Heimdal 0.4 e
KTH Heimdal 0.4 a