Heimdal: ftpd root escalation Several bugs exist in the Heimdal ftp daemon which could allow a remote attacker to gain root privileges. heimdal 2004-09-16 2004-09-16 61412 remote 0.6.3 0.6.3

Heimdal is an implementation of Kerberos 5.

Przemyslaw Frasunek discovered several flaws in lukemftpd, which also apply to Heimdal ftpd's out-of-band signal handling code.

Additionally, a potential vulnerability that could lead to Denial of Service by the Key Distribution Center (KDC) has been fixed in this version.

A remote attacker could be able to run arbitrary code with escalated privileges, which can result in a total compromise of the server.

There is no known workaround at this time.

All Heimdal users should upgrade to the latest version:

# emerge sync # emerge -pv ">=app-crypt/heimdal-0.6.3" # emerge ">=app-crypt/heimdal-0.6.3" Heimdal advisory Advisory by Przemyslaw Frasunek CAN-2004-0794 vorlon078 jaervosz