Debian Security Advisory

DSA-504-1 heimdal -- missing input sanitising

Date Reported:
18 May 2004
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 10288.
In Mitre's CVE dictionary: CVE-2004-0434.
More information:

Evgeny Demidov discovered a potential buffer overflow in a Kerberos 4 component of heimdal, a free implementation of Kerberos 5. The problem is present in kadmind, a server for administrative access to the Kerberos database. This problem could perhaps be exploited to cause the daemon to read a negative amount of data which could lead to unexpected behaviour.

For the stable distribution (woody) this problem has been fixed in version 0.4e-7.woody.9.

For the unstable distribution (sid) this problem has been fixed in version 0.6.2-1.

We recommend that you upgrade your heimdal and related packages.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Architecture-independent component:
Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.