updated patch: MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer

John Hascall john at iastate.edu
Thu Sep 6 08:22:51 EDT 2007




> Prior to that release you may apply the following patch.  Note that
> releases prior to krb5-1.5 will not need the svr_policy.c patch.
     ...

It would be helpful if you would also say which files
need to be re-installed after applying the patch and
making.  Perhaps it was a local quirk, but I found
that some things were rebuilt that I did not expect
from your description (krb5kdc and krb524d for example).

> find . -type f | xargs ls -l | grep 'Sep  5' | grep -v 'unit-test'
-rwxr-xr-x  1 john   225533 Sep  5 18:26 ./kadmin/cli/kadmin
-rwxr-xr-x  1 john   226072 Sep  5 18:26 ./kadmin/cli/kadmin.local
-rwxr-xr-x  1 john   254659 Sep  5 18:26 ./kadmin/dbutil/kdb5_util
-rwxr-xr-x  1 john    82739 Sep  5 18:26 ./kadmin/passwd/kpasswd
-rwxr-xr-x  1 john   285860 Sep  5 18:26 ./kadmin/server/kadmind
-rwxr-xr-x  1 john   278482 Sep  5 18:26 ./kdc/krb5kdc
-rwxr-xr-x  1 john    93115 Sep  5 18:26 ./kdc/rtest
-rwxr-xr-x  1 john   110519 Sep  5 18:26 ./krb524/krb524d
-rwxr-xr-x  1 john   357170 Sep  5 18:26 ./lib/kadm5/clnt/libkadm5clnt.so.5.1
-rw-r--r--  1 john      190 Sep  5 18:26 ./lib/kadm5/srv/OBJS.SH
-rwxr-xr-x  1 john   456868 Sep  5 18:26 ./lib/kadm5/srv/libkadm5srv.so.5.1
-rw-r--r--  1 john     8326 Sep  5 18:25 ./lib/kadm5/srv/svr_policy.c
-rw-r--r--  1 john      531 Sep  5 18:25 ./lib/kadm5/srv/svr_policy.c.rej
-rw-r--r--  1 john    76560 Sep  5 18:26 ./lib/kadm5/srv/svr_policy.so
-rw-r--r--  1 john      633 Sep  5 18:26 ./lib/rpc/OBJS.SH
-rwxr-xr-x  1 john   381527 Sep  5 18:26 ./lib/rpc/libgssrpc.so.4.0
-rw-r--r--  1 john    19114 Sep  5 18:25 ./lib/rpc/svc_auth_gss.c
-rw-r--r--  1 john    18913 Sep  5 18:25 ./lib/rpc/svc_auth_gss.c.orig
-rw-r--r--  1 john    46084 Sep  5 18:26 ./lib/rpc/svc_auth_gss.so


Thanks,
John


