Debian Bug report logs - #305574
heimdal: Telnet vulnerabilities (CAN-2005-0469)


Package: heimdal; Maintainer for heimdal is Brian May <bam@debian.org>;

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Wed, 20 Apr 2005 21:33:02 UTC

Severity: grave

Tags: security

Fixed in version heimdal/0.6.3-10

Done: Brian May <bam@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, security@debian.org, Brian May <bam@debian.org>:
Bug#305574; Package heimdal.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to security@debian.org, Brian May <bam@debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: heimdal: Telnet vulnerabilities (CAN-2005-0469)
Date: Wed, 20 Apr 2005 23:21:23 +0200
Package: heimdal
Severity: grave
Tags: security
Justification: user security hole

Heimdal is vulnerable to CAN-2005-0469, the slc_add_reply buffer overflow
reported for multiple telnet clients.

Heimdal 0.6.4 fixes this issue.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Information forwarded to debian-bugs-dist@lists.debian.org, Brian May <bam@debian.org>:
Bug#305574; Package heimdal.

Acknowledgement sent to astharot@astharot.ath.cx (Gerardo Di Giacomo):
Extra info received and forwarded to list. Copy sent to Brian May <bam@debian.org>.

Message #10 received at 305574@bugs.debian.org:

From: astharot@astharot.ath.cx (Gerardo Di Giacomo)
To: 305574@bugs.debian.org
Subject: heimdal: Telnet vulnerabilities (CAN-2005-0469)
Date: Thu, 21 Apr 2005 01:36:36 +0200
Patch attached, based on FreeBSD one.

Bye,
Gerardo
[033_telnet_bof (text/plain, attachment)]

Reply sent to Brian May <bam@debian.org>:
You have taken responsibility.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.

Message #15 received at 305574-close@bugs.debian.org:

From: Brian May <bam@debian.org>
To: 305574-close@bugs.debian.org
Subject: Bug#305574: fixed in heimdal 0.6.3-10
Date: Mon, 25 Apr 2005 01:32:09 -0400
Source: heimdal
Source-Version: 0.6.3-10

We believe that the bug you reported is fixed in the latest version of
heimdal, which is due to be installed in the Debian FTP archive:

heimdal-clients-x_0.6.3-10_i386.deb
  to pool/main/h/heimdal/heimdal-clients-x_0.6.3-10_i386.deb
heimdal-clients_0.6.3-10_i386.deb
  to pool/main/h/heimdal/heimdal-clients_0.6.3-10_i386.deb
heimdal-dev_0.6.3-10_i386.deb
  to pool/main/h/heimdal/heimdal-dev_0.6.3-10_i386.deb
heimdal-docs_0.6.3-10_all.deb
  to pool/main/h/heimdal/heimdal-docs_0.6.3-10_all.deb
heimdal-kdc_0.6.3-10_i386.deb
  to pool/main/h/heimdal/heimdal-kdc_0.6.3-10_i386.deb
heimdal-servers-x_0.6.3-10_i386.deb
  to pool/main/h/heimdal/heimdal-servers-x_0.6.3-10_i386.deb
heimdal-servers_0.6.3-10_i386.deb
  to pool/main/h/heimdal/heimdal-servers_0.6.3-10_i386.deb
heimdal_0.6.3-10.diff.gz
  to pool/main/h/heimdal/heimdal_0.6.3-10.diff.gz
heimdal_0.6.3-10.dsc
  to pool/main/h/heimdal/heimdal_0.6.3-10.dsc
libasn1-6-heimdal_0.6.3-10_i386.deb
  to pool/main/h/heimdal/libasn1-6-heimdal_0.6.3-10_i386.deb
libgssapi1-heimdal_0.6.3-10_i386.deb
  to pool/main/h/heimdal/libgssapi1-heimdal_0.6.3-10_i386.deb
libhdb7-heimdal_0.6.3-10_i386.deb
  to pool/main/h/heimdal/libhdb7-heimdal_0.6.3-10_i386.deb
libkadm5clnt4-heimdal_0.6.3-10_i386.deb
  to pool/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10_i386.deb
libkadm5srv7-heimdal_0.6.3-10_i386.deb
  to pool/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10_i386.deb
libkafs0-heimdal_0.6.3-10_i386.deb
  to pool/main/h/heimdal/libkafs0-heimdal_0.6.3-10_i386.deb
libkrb5-17-heimdal_0.6.3-10_i386.deb
  to pool/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 305574@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Brian May <bam@debian.org> (supplier of updated heimdal package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 25 Apr 2005 14:48:03 +1000
Source: heimdal
Binary: heimdal-servers-x heimdal-clients libkafs0-heimdal libkadm5srv7-heimdal heimdal-kdc heimdal-servers libasn1-6-heimdal libkrb5-17-heimdal heimdal-dev libkadm5clnt4-heimdal heimdal-docs heimdal-clients-x libgssapi1-heimdal libhdb7-heimdal
Architecture: source i386 all
Version: 0.6.3-10
Distribution: unstable
Urgency: low
Maintainer: Brian May <bam@debian.org>
Changed-By: Brian May <bam@debian.org>
Description: 
 heimdal-clients - Clients for Heimdal Kerberos
 heimdal-clients-x - X11 files for Heimdal Kerberos
 heimdal-dev - Development files for Heimdal Kerberos
 heimdal-docs - Documentation for Heimdal Kerberos
 heimdal-kdc - KDC for Heimdal Kerberos
 heimdal-servers - Servers for Heimdal Kerberos
 heimdal-servers-x - X11 files for Heimdal Kerberos
 libasn1-6-heimdal - Libraries for Heimdal Kerberos
 libgssapi1-heimdal - Libraries for Heimdal Kerberos
 libhdb7-heimdal - Libraries for Heimdal Kerberos
 libkadm5clnt4-heimdal - Libraries for Heimdal Kerberos
 libkadm5srv7-heimdal - Libraries for Heimdal Kerberos
 libkafs0-heimdal - Libraries for Heimdal Kerberos
 libkrb5-17-heimdal - Libraries for Heimdal Kerberos
Closes: 95246 305574
Changes: 
 heimdal (0.6.3-10) unstable; urgency=low
 .
   * LDAP support (closes: #95246).
   * Fix buffer overflow security bug in telnet client, CAN-2005-0469,
     closes: #305574.
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCbHutuCinHABTDCQRAqS7AKCCWLhxvRXxPUQtngLSjdLDRSk5PgCdEYee
yVrSh5rVWwBw+zFSpo2Cpeo=
=P0p/
-----END PGP SIGNATURE-----






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 02:55:55 2014; Machine Name: buxtehude.debian.org
