Debian Security Advisory DSA 629-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 7th, 2005                       http://www.debian.org/security/faq
Package : krb5
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1189
CERT advisory : VU#948033
A buffer overflow has been discovered in the MIT Kerberos 5
administration library (libkadm5srv) that could lead to the execution
of arbitrary code upon exploitation by an authenticated user, not
necessarily one with administrative privileges.
For the stable distribution (woody) this problem has been fixed in
version 1.2.4-5woody7.
For the unstable distribution (sid) this problem has been fixed in
version 1.3.6-1.
We recommend that you upgrade your krb5 packages.