ae3b03d6dd
http://www.pdc.kth.se/heimdal/advisory/2006-02-06/ Changes in Heimdal 0.7.2 * Fix security problem in rshd that enable an attacker to overwrite and change ownership of any file that root could write. * Fix a DOS in telnetd. The attacker could force the server to crash in a NULL de-reference before the user logged in, resulting in inetd turning telnetd off because it forked too fast. * Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name exists in the keytab before returning success. This allows servers to check if its even possible to use GSSAPI. * Fix receiving end of token delegation for GSS-API. It still wrongly uses subkey for sending for compatibility reasons, this will change in 0.8. * telnetd, login and rshd are now more verbose in logging failed and successful logins. * Bug fixes |
||
|---|---|---|
| .. | ||
| patch-ac | ||
| patch-ad | ||