|
|
>> Heimdal rshd and Telnet Privilege Escalation and Denial of Service Issues
|
Title : Heimdal rshd and Telnet Privilege Escalation and Denial of Service Issues
VUPEN ID : VUPEN/ADV-2006-0456
CVE ID : CVE-2006-0582 - CVE-2006-0677
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-02-07
|
Two vulnerability were identified in Heimdal, which could be exploited by remote attackers to cause a denial of service or by local users to obtain elevated privileges.
The first flaw is due to an error in the rshd server when storing forwarded credentials, which could be exploited by local attackers to overwrite a file with its credential cache and get ownership of the file.
The second issue is due to a NULL pointer dereference error in the telnet service, which could be exploited by remote attackers to cause a denial of service.
Affected Products
Heimdal versions prior to 0.7.2
Heimdal versions prior to 0.6.6
Solution
Upgrade to Heimdal version 0.7.2 or 0.6.6 :
http://www.pdc.kth.se/heimdal/
References
http://www.vupen.com/english/advisories/2006/0456
http://www.pdc.kth.se/heimdal/advisory/2006-02-06/
Credits
Vulnerability reported by the vendor
ChangeLog
2006-02-07 : Initial release
2006-02-15 : Additional vulnerability
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
