updated patch: MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer

John Hascall john at iastate.edu
Thu Sep 6 12:30:10 EDT 2007


> >>>>> "John" == John Hascall <john at iastate.edu> writes:
> John> It would be helpful if you would also say which files
> John> need to be re-installed after applying the patch and
> John> making.   Perhaps it was a local quirk, but I found
> John> that some things were rebuilt that I did not expect
> John> from your description (krb5kdc and krb524d for example).

> The Makefiles currently cause every executable which depends on
> libkadm5srv to be rebuilt if libkadm5srv gets rebuilt.  This dates
> back to when static libraries could be built, but might also be needed
> in certain cases for shared libraries.  The KDC needs libkadm5srv
> because that's where some of the code for reading realm configuration
> information is located.

OK.  So if I'm reading you correctly:  Even though krb5kdc and krb524d
were rebuilt because they depend on libkadm5srv, they don't make any use
of the broken/corrected routine in that library, so I am safe to leave
them alone.


Thanks,
John


