From Bugzilla Helper:
User-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.4.3 i686)

Description of problem:
Quote from the advisory (please see the provided URL). "A stack buffer overflow in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4) in the MIT krb5 distribution can be exploited to gain unauthorized root access to a KDC host. The attacker does not need to authenticate to the daemon to successfully perform this attack. At least one exploit is known to exist in the wild, and at least one attacker is reasonably competent at cleaning up traces of intrusion. The kadmind4 supplied with MIT krb5 is intended for use in sites that require compatibility with legacy administrative clients; sites that do not have this requirement are not likely to be running this daemon."

Version-Release number of selected component (if applicable):

How reproducible:
Didn't try

Additional info:
I got the source code from ftp://updates.redhat.com/7.2/en/os/SRPMS/krb5-1.2.2-14.src.rpm
Please go to line 170 of file src/kadmin/v4server/kadm_ser_wrap.c, then compare the code against the patch from http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt

The boundary checking is missing from the file src/kadmin/v4server/kadm_ser_wrap.c. I think krb5-1.2.2-14 from ftp://updates.redhat.com/7.2/en/os/SRPMS is vulnerable.
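The kind of boundary check the report says is missing, as an added example; it is not the MIT krb5 source and not the advisory's patch. The message layout (4-byte big-endian length, then payload), the buffer size and every name below are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AUTH_BUF_MAX 1250   /* hypothetical size of the fixed buffer */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

struct auth_blob {          /* hypothetical fixed-size destination */
    size_t length;
    unsigned char dat[AUTH_BUF_MAX];
};

/* Parse an unauthenticated request: 4-byte big-endian length, then payload.
 * The length is attacker-controlled, so it is validated twice before the
 * copy: against the destination buffer and against the bytes received. */
int parse_auth(const unsigned char *msg, size_t msg_len, struct auth_blob *out)
{
    uint32_t claimed;

    if (msg_len < 4)
        return PARSE_TRUNCATED;
    claimed = ((uint32_t)msg[0] << 24) | ((uint32_t)msg[1] << 16) |
              ((uint32_t)msg[2] << 8)  |  (uint32_t)msg[3];

    /* Without this check the memcpy below overruns out->dat. */
    if (claimed > sizeof(out->dat))
        return PARSE_TOO_LONG;
    /* Without this check the memcpy reads past the received message. */
    if (claimed > msg_len - 4)
        return PARSE_TRUNCATED;

    memcpy(out->dat, msg + 4, claimed);
    out->length = claimed;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed input: the header claims 1251 bytes, one more than fits. */
    static const unsigned char oversized[] = { 0x00, 0x00, 0x04, 0xE3, 'x' };
    struct auth_blob blob;
    int rc = parse_auth(oversized, sizeof oversized, &blob);

    printf("oversized request -> %d\n", rc);
    return rc == PARSE_TOO_LONG ? 0 : 1;
}
```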
Releases of Red Hat Linux version 6.2 and higher include versions of MIT Kerberos that are vulnerable to this issue; however, the vulnerable administration server, kadmind4, has never been enabled by default. We are currently working on producing errata packages. When complete, these will be available along with our advisory at the URL below. At the same time, users of the Red Hat Network will be able to update their systems using the 'up2date' tool.

http://rhn.redhat.com/errata/RHSA-2002-242.html