Frank Lichtenheld wrote:
> > CAN-2005-0469 describes a buffer overflow in the slc_add_reply()
> > function. It has already been fixed in krb5, but is present in
> > krb4 as well. I'm not familiar with the krb4 code base, but the
> > fix from krb5 seems applicable as well. It's attached, but please
> > double check with Security Team, who might have a better fix.
> 
> Is there a specific reason you didn't also include the patch for
> CAN-2005-0468? AFAICT it seems to apply as well.

I hadn't checked it yet; it was still on the list of TODOs along with
netkit-telnet and netkit-telnet-ssl. I just checked and it is in
fact vulnerable to CAN-2005-0469 as well. I can send a patch later
if you haven't prepared one yet.

Cheers,
        Moritz

