January 11, 2010

Debian Security Advisory 1969 krb5 - integer underflow

It was discovered that krb5, a system for authenticating users and services on a network, is prone to integer underflow in the AES and RC4 decryption operations of the crypto library. A remote attacker can cause crashes, heap corruption, or, under extraordinarily unlikely conditions, arbitrary code execution.

For the old stable distribution (etch), this problem has been fixed in version 1.4.4-7etch8...
