Your message dated Sun, 03 Jul 2005 03:02:10 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#315065: fixed in heimdal 0.6.3-11
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 20 Jun 2005 14:10:38 +0000
From: Adam Majer <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: Heimdal telnetd Buffer Overflow Vulnerability
X-Mailer: reportbug 3.14
Date: Mon, 20 Jun 2005 09:10:39 -0500

Package: heimdal-servers
Severity: critical
Tags: security

The following is from Secunia advisory SA15718 which may be found at
http://secunia.com/advisories/15718/


DESCRIPTION:
A vulnerability has been reported in Heimdal, which potentially can
be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in telnetd within
the "getterminaltype()" function when processing the terminal type
received from a telnet client.

Successful exploitation may allow execution of arbitrary code.

SOLUTION:
Update to version 0.6.5 or 0.7.
ftp://ftp.pdc.kth.se/pub/heimdal/src/

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://www.pdc.kth.se/heimdal/advisory/2005-06-20/



-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-1-k7
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)

---------------------------------------
Received: (at 315065-close) by bugs.debian.org; 3 Jul 2005 07:08:19 +0000
From: Brian May <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#315065: fixed in heimdal 0.6.3-11
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 03 Jul 2005 03:02:10 -0400

Source: heimdal
Source-Version: 0.6.3-11

We believe that the bug you reported is fixed in the latest version of
heimdal, which is due to be installed in the Debian FTP archive:

heimdal-clients-x_0.6.3-11_i386.deb
  to pool/main/h/heimdal/heimdal-clients-x_0.6.3-11_i386.deb
heimdal-clients_0.6.3-11_i386.deb
  to pool/main/h/heimdal/heimdal-clients_0.6.3-11_i386.deb
heimdal-dev_0.6.3-11_i386.deb
  to pool/main/h/heimdal/heimdal-dev_0.6.3-11_i386.deb
heimdal-docs_0.6.3-11_all.deb
  to pool/main/h/heimdal/heimdal-docs_0.6.3-11_all.deb
heimdal-kdc_0.6.3-11_i386.deb
  to pool/main/h/heimdal/heimdal-kdc_0.6.3-11_i386.deb
heimdal-servers-x_0.6.3-11_i386.deb
  to pool/main/h/heimdal/heimdal-servers-x_0.6.3-11_i386.deb
heimdal-servers_0.6.3-11_i386.deb
  to pool/main/h/heimdal/heimdal-servers_0.6.3-11_i386.deb
heimdal_0.6.3-11.diff.gz
  to pool/main/h/heimdal/heimdal_0.6.3-11.diff.gz
heimdal_0.6.3-11.dsc
  to pool/main/h/heimdal/heimdal_0.6.3-11.dsc
libasn1-6-heimdal_0.6.3-11_i386.deb
  to pool/main/h/heimdal/libasn1-6-heimdal_0.6.3-11_i386.deb
libgssapi1-heimdal_0.6.3-11_i386.deb
  to pool/main/h/heimdal/libgssapi1-heimdal_0.6.3-11_i386.deb
libhdb7-heimdal_0.6.3-11_i386.deb
  to pool/main/h/heimdal/libhdb7-heimdal_0.6.3-11_i386.deb
libkadm5clnt4-heimdal_0.6.3-11_i386.deb
  to pool/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-11_i386.deb
libkadm5srv7-heimdal_0.6.3-11_i386.deb
  to pool/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-11_i386.deb
libkafs0-heimdal_0.6.3-11_i386.deb
  to pool/main/h/heimdal/libkafs0-heimdal_0.6.3-11_i386.deb
libkrb5-17-heimdal_0.6.3-11_i386.deb
  to pool/main/h/heimdal/libkrb5-17-heimdal_0.6.3-11_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Brian May <[EMAIL PROTECTED]> (supplier of updated heimdal package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  3 Jul 2005 13:54:19 +1000
Source: heimdal
Binary: heimdal-servers-x heimdal-clients libkafs0-heimdal libkadm5srv7-heimdal 
heimdal-kdc heimdal-servers libasn1-6-heimdal libkrb5-17-heimdal heimdal-dev 
libkadm5clnt4-heimdal heimdal-docs heimdal-clients-x libgssapi1-heimdal 
libhdb7-heimdal
Architecture: source i386 all
Version: 0.6.3-11
Distribution: unstable
Urgency: low
Maintainer: Brian May <[EMAIL PROTECTED]>
Changed-By: Brian May <[EMAIL PROTECTED]>
Description: 
 heimdal-clients - Clients for Heimdal Kerberos
 heimdal-clients-x - X11 files for Heimdal Kerberos
 heimdal-dev - Development files for Heimdal Kerberos
 heimdal-docs - Documentation for Heimdal Kerberos
 heimdal-kdc - KDC for Heimdal Kerberos
 heimdal-servers - Servers for Heimdal Kerberos
 heimdal-servers-x - X11 files for Heimdal Kerberos
 libasn1-6-heimdal - Libraries for Heimdal Kerberos
 libgssapi1-heimdal - Libraries for Heimdal Kerberos
 libhdb7-heimdal - Libraries for Heimdal Kerberos
 libkadm5clnt4-heimdal - Libraries for Heimdal Kerberos
 libkadm5srv7-heimdal - Libraries for Heimdal Kerberos
 libkafs0-heimdal - Libraries for Heimdal Kerberos
 libkrb5-17-heimdal - Libraries for Heimdal Kerberos
Closes: 315065
Changes: 
 heimdal (0.6.3-11) unstable; urgency=low
 .
   * Apply patch to fix "Remotely exploitable buffer overflow in
     getterminaltype function", reported in Secunia advisory SA15718 at
     http://secunia.com/advisories/15718/. Closes: #315065.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCx3XHuCinHABTDCQRAjEhAKCQEvXQVPBUoGhvWQntFmjZe/gQ/gCfYPqv
iiqI5EfsWLo8MaG5Q+lLpPQ=
=HEMu
-----END PGP SIGNATURE-----

