[27984] in Kerberos
Re: MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow
daemon@ATHENA.MIT.EDU (Mike Friedman)
Tue Jun 26 17:29:05 2007
Date: Tue, 26 Jun 2007 14:28:29 -0700 (PDT)
From: Mike Friedman <mikef@ack.berkeley.edu>
To: Tom Yu <tlyu@mit.edu>
In-Reply-To: <ldvy7i6sigb.fsf@cathode-dark-space.mit.edu>
Message-ID: <20070626132150.G72777@malcolm.berkeley.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 26 Jun 2007 at 14:01 (-0400), Tom Yu wrote:
> This patch has the patch in MITKRB5-SA-2007-002 as a prerequisite. The
> krb5-1.6.1 and krb5-1.5.3 releases already contain the prerequisite
> patch.
Tom,
When 2007-02 came out, there wasn't a version of the patch for 1.4.2,
which I was, and am, running. When I asked about this at the time, I was
told the following:
Your patching may be significantly simplified if you are certain that
vsnprintf() is present on your systems; in that case you may omit the
changes to files other than src/lib/kadm5/logger.c, at the expense of
sometimes losing some log data due to vsnprintf() performing
truncation. Also, it is probably wise to unconditionally call
vsnprintf() in logger.c (rather than under #ifdef HAVE_VSNPRINTF) in
that case.
My system does support vsnprintf(), so I followed the above advice.
Now, I'm faced with having to install 2007-05, which has the full 2007-02
patch as prerequisite.
Any suggestions as to the easiest way to proceed? I'd like at present to
avoid significant testing of a new release if it's likely to have some
incompatibilities. I'm not sure what the issues are between 1.5.3 and
1.6.1 in this regard.
If I had a version of 2007-05 that fit 1.4.2 with only the 'logger.c'
portion of 2007-02 applied, that would, I suppose, be the best I could
expect. What are the chances of that?
Anyway, I seem to be in a bind. Is there a way I can get 2007-05 on
without too much effort at this point?
Thanks.
Mike
_________________________________________________________________________
Mike Friedman Information Services & Technology
mikef@ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://socrates.berkeley.edu/~mikef http://ist.berkeley.edu
_________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQA/AwUBRoGFAK0bf1iNr4mCEQIzaACcDQjx3SuNUhIr4EUU+kJ55U6AJdEAnicY
i7hzccZaRmlCpbH3YGHfsTq0
=LiR0
-----END PGP SIGNATURE-----
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
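Added illustration of the trade-off Tom's advice describes (bounded vsnprintf() versus losing log data to truncation). This is example code written for this archive page; it is not the MITKRB5-SA-2007-002 patch and not MIT krb5's src/lib/kadm5/logger.c. The helper name format_bounded(), the 32-byte buffer and the over-long principal name are all constructed for the demonstration. It also handles the pre-C99 case where vsnprintf() returns -1 on truncation instead of the would-be length, which is worth checking on an older system before relying on the "just call vsnprintf() unconditionally" shortcut.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Bounded formatting helper (example code, not MIT krb5's logger.c).
 * Always NUL-terminates, never writes past buf[buflen - 1], and returns
 * 1 when the message did not fit (so the caller can note lost log data),
 * 0 when it fit completely.
 */
int format_bounded(char *buf, size_t buflen, const char *fmt, ...)
{
    va_list ap;
    int needed;

    if (buflen == 0)
        return 1;

    va_start(ap, fmt);
    needed = vsnprintf(buf, buflen, fmt, ap);
    va_end(ap);

    if (needed < 0) {
        /* Pre-C99 vsnprintf(): -1 signals truncation and may not have
         * terminated the buffer. Terminate it ourselves, keep the partial
         * text that was written, and report the truncation. */
        buf[buflen - 1] = '\0';
        return 1;
    }
    /* C99 semantics: the return value is the length that would have been
     * written; anything >= buflen means the tail was cut off. */
    return (size_t)needed >= buflen;
}

#define LOG_BUF 32  /* deliberately small buffer for the demonstration */

/* Constructed input: a principal name far longer than the log buffer. */
static void fill_long_name(char *name, size_t len)
{
    memset(name, 'A', len - 1);
    name[len - 1] = '\0';
}

/* Over-long argument: the message is truncated, never overflowed. */
int demo_truncated(void)
{
    char buf[LOG_BUF];
    char longname[200];

    fill_long_name(longname, sizeof longname);
    return format_bounded(buf, sizeof buf, "principal %s not found", longname);
}

/* Length of the stored text after truncation: exactly buflen - 1. */
size_t demo_truncated_len(void)
{
    char buf[LOG_BUF];
    char longname[200];

    fill_long_name(longname, sizeof longname);
    format_bounded(buf, sizeof buf, "principal %s not found", longname);
    return strlen(buf);
}

/* Short argument: fits, nothing lost. */
int demo_fits(void)
{
    char buf[LOG_BUF];

    return format_bounded(buf, sizeof buf, "principal %s not found", "bob");
}

int main(void)
{
    printf("truncated=%d len=%zu fits=%d\n",
           demo_truncated(), demo_truncated_len(), demo_fits());
    return 0;
}
```

The point for a site running only the logger.c portion of 2007-02: with this pattern the worst case for an over-long log message is a shortened line plus a flag the caller can act on, rather than a write past the end of the buffer.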