Hi! About the KTH Heimdal remote root exploit I can say it is really serious! About a week ago a hacker stole over 10'000 passwords from Stockholm University in Sweden for all students and staff by trapping the stack buffer overflow in kadmind4. You can imagine what problems this caused and what this will cost. As we at our place have learned it is important to protect the KDC server by a firewall to not allow the rest of the world to reach it. Since this happened a week ago exploits for this are floating around. Also we've heard people talking after examining the Heimdal code more carefully that there is a few more parts in it which needs to be rewritten. So if you run a KDC, please protect it carefully! There will probably be new realeases of Heimdal out in a week or so. Please upgrade your systems ASAP becase this is a really serios problem! --Chris -- Powered by Outblaze
This archive was generated by hypermail 2b30 : Mon Oct 28 2002 - 10:06:38 PST