MIT has reported another flaw to us, CVE-2007-2798: The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a stack buffer overflow. The kadmind code which performs the principal renaming operation passes unchecked string arguments to a sprintf() call which has a fixed-size stack buffer as its destination. These strings are the old and new principal names passed to the rename operation. The attacker needs to authenticate to kadmind to perform this attack, but no administrative privileges are required because the vulnerable code executes prior to privilege verification.
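Added example, not part of the original report and not the krb5 source: the defect class described above (unchecked names formatted with sprintf() into a fixed-size stack buffer before the privilege check) beside a hardened form that authorizes first and bounds the write. The function names, the `is_admin` flag, the message format and `MSG_MAX` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MSG_MAX 128          /* constructed size, not the value used in krb5 */
enum { RENAME_OK = 0, RENAME_DENIED = -1, RENAME_TOO_LONG = -2 };

/* The defect class from the advisory: caller-supplied names are formatted
 * into a fixed-size stack buffer with no length check, and the privilege
 * check only happens afterwards. Shown for contrast; never called here. */
int rename_unchecked(const char *old_name, const char *new_name, int is_admin)
{
    char msg[MSG_MAX];
    sprintf(msg, "rename %s to %s", old_name, new_name); /* unbounded write */
    return is_admin ? RENAME_OK : RENAME_DENIED;
}

/* Hardened form: authorize first, then format with an explicit bound and
 * treat truncation as an error instead of silently continuing. */
int rename_checked(const char *old_name, const char *new_name, int is_admin,
                   char *msg, size_t msg_len)
{
    int n;

    if (msg == NULL || msg_len == 0)
        return RENAME_TOO_LONG;
    msg[0] = '\0';
    if (!is_admin)                      /* privilege check before formatting */
        return RENAME_DENIED;
    n = snprintf(msg, msg_len, "rename %s to %s", old_name, new_name);
    if (n < 0 || (size_t)n >= msg_len) {
        msg[0] = '\0';                  /* do not leave a truncated record */
        return RENAME_TOO_LONG;
    }
    return RENAME_OK;
}

int main(void)
{
    char msg[MSG_MAX], big[4 * MSG_MAX];

    memset(big, 'A', sizeof big - 1);   /* constructed oversized name */
    big[sizeof big - 1] = '\0';
    printf("%d\n", rename_checked("alice@EXAMPLE.COM", "bob@EXAMPLE.COM", 1, msg, sizeof msg));
    printf("%d\n", rename_checked(big, "bob@EXAMPLE.COM", 1, msg, sizeof msg));
    printf("%d\n", rename_checked(big, big, 0, msg, sizeof msg));
    return 0;
}
```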
The attacker must be authenticated, therefore this issue has important impact on Red Hat Enterprise Linux.
Lifting embargo: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-005.txt
Support, can you please give me a status on the release for the fix? I need RPMs for RHELWSV4 and RHELWSV3 ASAP. Thanks, -Carl krekoriancr.navy.mil
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0384.html
  http://rhn.redhat.com/errata/RHSA-2007-0562.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2007-0740