J-Security Center

Title: Heimdal Kerberos Forwarding Daemon File Overwriting Vulnerability

Severity: CRITICAL

Description:

Heimdal Kerberos is an implementation of the Kerberos protocol distributed and maintained by the Center for Parallel Computers, KTH. It is open source, and available for Unix and Linux operating systems.

A flaw in the implementation may allow remote users to overwrite files on a vulnerable system.

The Heimdal Kerberos forwarding daemon (kfd) does not properly validate some of the data a client sends to the server. As a result, a client may be able to cause the daemon to overwrite files on the server under the user id the client has authenticated as. This could result in a denial of service or loss of data.

Note that the files exposed by this vulnerability are limited to those that are write-accessible by the authenticated (victim) user; it does not by itself grant access to files owned by other users.

No further details are known at this time.
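The advisory does not say which client-supplied field kfd mishandles. The following C program is an added illustration of the class of flaw it describes, a daemon that has already authenticated a client, switched to that user's id and then lets client-controlled data decide which file it writes to. It is not Heimdal or kfd code; the function names, the credential blob, the temporary directory and the victim file are all constructed for the example. It contrasts a store that opens a client-named path with one where the server chooses the name itself in a fixed directory via mkstemp(), which opens with O_CREAT|O_EXCL and therefore never truncates an existing file.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical daemon-side code (not Heimdal's). Assumed state: the client
 * has authenticated, the daemon now runs as that user, and it holds a
 * credential blob that must be written to disk. */

/* Unsafe pattern: the client supplies the destination path. fopen(.., "wb")
 * truncates any existing file the current user is allowed to write. */
static int store_cred_unsafe(const char *client_path,
                             const unsigned char *blob, size_t len)
{
    FILE *f = fopen(client_path, "wb");
    if (f == NULL)
        return -1;
    size_t n = fwrite(blob, 1, len, f);
    return (fclose(f) == 0 && n == len) ? 0 : -1;
}

/* Safe pattern: the server names the file itself inside a directory it
 * controls. mkstemp() uses O_CREAT|O_EXCL, so a pre-existing file (or a
 * symlink planted at that name) is never opened for truncation. The chosen
 * path is reported back through out_path. */
static int store_cred_safe(const char *dir, const unsigned char *blob,
                           size_t len, char *out_path, size_t out_len)
{
    char tmpl[4096];
    int n = snprintf(tmpl, sizeof tmpl, "%s/krb5cc_XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof tmpl)
        return -1;
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    if (fchmod(fd, 0600) != 0) { close(fd); unlink(tmpl); return -1; }
    size_t off = 0;
    while (off < len) {                    /* write() may be partial */
        ssize_t w = write(fd, blob + off, len - off);
        if (w <= 0) { close(fd); unlink(tmpl); return -1; }
        off += (size_t)w;
    }
    if (close(fd) != 0) { unlink(tmpl); return -1; }
    if (strlen(tmpl) >= out_len) { unlink(tmpl); return -1; }
    strcpy(out_path, tmpl);
    return 0;
}

/* Reads at most cap-1 bytes of path into buf (NUL-terminated). */
static long read_small(const char *path, char *buf, size_t cap)
{
    FILE *f = fopen(path, "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(buf, 1, cap - 1, f);
    fclose(f);
    buf[n] = '\0';
    return (long)n;
}

/* Exercises both patterns against a pre-existing user-owned file in a fresh
 * temporary directory. Returned bits: 1 = the safe store left the existing
 * file intact, 2 = the client-named store clobbered it. 3 means both
 * behaviours were observed; -1 means setup failed. */
int demo_overwrite(void)
{
    char dir[] = "/tmp/kfd_demo.XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;
    char victim[4096], created[4096] = "", buf[64];
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    const char *original = "do not lose me\n";          /* constructed */
    const unsigned char blob[] = "FORWARDED-TICKET";    /* constructed stand-in */
    size_t blen = sizeof blob - 1;

    FILE *f = fopen(victim, "w");
    if (f == NULL || fputs(original, f) == EOF || fclose(f) != 0)
        return -1;

    int rc = 0;
    /* Safe store: a client-chosen name such as victim.txt is never consulted. */
    if (store_cred_safe(dir, blob, blen, created, sizeof created) == 0 &&
        strcmp(created, victim) != 0 &&
        read_small(victim, buf, sizeof buf) == (long)strlen(original) &&
        strcmp(buf, original) == 0)
        rc |= 1;
    /* Unsafe store: the same client-chosen name silently truncates victim.txt. */
    if (store_cred_unsafe(victim, blob, blen) == 0 &&
        read_small(victim, buf, sizeof buf) == (long)blen &&
        memcmp(buf, blob, blen) == 0)
        rc |= 2;

    if (created[0] != '\0') unlink(created);
    unlink(victim);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo_overwrite();
    printf("server-named store preserved existing file: %s\n", (rc & 1) ? "yes" : "no");
    printf("client-named store overwrote it:            %s\n", (rc & 2) ? "yes" : "no");
    return rc == 3 ? 0 : 1;
}
```

The point of the safe variant is not the temporary name as such but that the server, not the client, decides where the credential lands, and that the open is exclusive; a daemon that must honour a client-requested cache location should still canonicalise it against a fixed per-user directory and open with O_EXCL rather than truncate whatever path it is handed.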

Affected Products:

  • FreeBSD FreeBSD 4.6.0
  • FreeBSD FreeBSD 4.6.0 -RELEASE
  • KTH Heimdal 0.3.0 e
  • KTH Heimdal 0.4.0 a
  • KTH Heimdal 0.4.0 b
  • KTH Heimdal 0.4.0 c
  • KTH Heimdal 0.4.0 d
  • KTH Heimdal 0.4.0 e
  • S.u.S.E. Linux 7.2.0
  • S.u.S.E. Linux 7.3.0
  • S.u.S.E. Linux 8.0.0

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.