MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]
Mike Dopheide
dopheide at ncsa.uiuc.edu
Tue Apr 3 17:50:18 EDT 2007
Specifically,
====================
diff -Nur krb5-040307/lib/kadm5/configure krb5/lib/kadm5/configure
--- krb5-040307/lib/kadm5/configure 2005-11-16 16:47:28.000000000 -0600
+++ krb5/lib/kadm5/configure 2007-04-03 15:15:04.000000000 -0500
@@ -5453,7 +5453,7 @@
-for ac_func in openlog syslog closelog strftime vsprintf
+for ac_func in openlog syslog closelog strftime vsprintf vsnprintf
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
echo "$as_me:$LINENO: checking for $ac_func" >&5
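Review bot: the addition of vsnprintf to the `for ac_func in ...` list is made in the generated configure script (the `as_ac_var` and `$as_me:$LINENO` lines are autoconf output), so it will be lost the next time configure is regenerated. Make the same addition to the function-check list in the autoconf input for lib/kadm5, and after running configure confirm that HAVE_VSNPRINTF actually ends up defined in the build, since the define only appears when the check for vsnprintf succeeds on that platform.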
=====================
That's included in the patch I posted and results in -DHAVE_VSNPRINTF=1
(at least for me it did).
-Mike
Edward Beuerlein wrote:
> Mike,
> What modifications did you make to your src/lib/kadm5/configure script?
> There is mention in the advisory about making changes to detect
> vsnprintf() but I am not exactly sure how to do that. I am not a
> developer but need to patch our kerberos code for these 3 security issues.
> -Eddie B.
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos