Certain Heimdal components, ftpd and rcp, are vulnerable to a local privilege escalation.
Package | app-crypt/heimdal on all architectures |
---|---|
Affected versions | < 0.7.2-r3 |
Unaffected versions | >= 0.7.2-r3 |
Heimdal is a free implementation of Kerberos 5.
The ftpd and rcp applications provided by Heimdal fail to check the return value of calls to seteuid().
A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges.
There is no known workaround at this time.
All Heimdal users should upgrade to the latest version:
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.7.2-r3"
```
Release date | August 23, 2006 |
---|---|
Latest revision | August 23, 2006: 01 |
Severity | high |
Exploitable | local |
Bugzilla entries