Bug 60230 - VUL-0: CVE-2004-0794: heimdal: hijack ftpd sessions
Summary: VUL-0: CVE-2004-0794: heimdal: hijack ftpd sessions
Status: RESOLVED FIXED
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Thomas Biege
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2004-0794: CVSS v2 Base Score: 5....
Keywords:
Depends on:
Blocks:
 
Reported: 2004-09-14 14:59 UTC by Thomas Biege
Modified: 2021-10-04 10:02 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
The ftpd fix from heimdal 0.6.3 (19.42 KB, patch)
2004-09-15 00:25 UTC, Vladimir Nadvornik 		Details | Diff
patchinfo.heimdal (621 bytes, text/plain)
2004-09-16 17:43 UTC, Thomas Biege 		Details
patchinfo-box.heimdal (681 bytes, text/plain)
2004-09-16 17:47 UTC, Thomas Biege 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Biege 2004-09-14 14:59:52 UTC 
Hello Valdimir, 
please have a look at: 
http://www.pdc.kth.se/heimdal/advisory/2004-09-13/ 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=271534
Comment 1 Thomas Biege 2004-09-14 14:59:52 UTC 
<!-- SBZ_reproduce  -->
-
Comment 2 Thomas Biege 2004-09-14 15:00:31 UTC 
CAN-2004-0794
Comment 3 Vladimir Nadvornik 2004-09-14 21:34:22 UTC 
Andreas, can I update heimdal in STABLE to 0.6.3 or should I backport the fix?
Comment 4 Andreas Jaeger 2004-09-14 21:56:51 UTC 
Please backport the fix.
Comment 5 Vladimir Nadvornik 2004-09-15 00:25:33 UTC 
Created attachment 23446 [details]
The ftpd fix from heimdal 0.6.3
Comment 6 Vladimir Nadvornik 2004-09-15 22:52:23 UTC 
Packages are submitted, can you please submit patchinfos?
Comment 7 Thomas Biege 2004-09-16 15:18:13 UTC 
Thanks.. I'll do so..
Comment 8 Thomas Biege 2004-09-16 17:43:26 UTC 
Created attachment 23541 [details]
patchinfo.heimdal
Comment 9 Thomas Biege 2004-09-16 17:47:01 UTC 
Created attachment 23542 [details]
patchinfo-box.heimdal
Comment 10 Thomas Biege 2004-09-16 17:53:51 UTC 
Hello Vladimir, 
can you have a look at the patchinfo files please. 
 
I am not sure how to solve the following error: 
check_patchinfo patchinfo-box.heimdal 
WARNING: this must not be a version update: 
- heimdal-devel needs heimdal-0.6.1rc3 in dist 9.1-i386, 9.1-x86_64 
  (which is the released version) 
 
I tried various combination w/o success.
Comment 11 Vladimir Nadvornik 2004-09-16 18:12:11 UTC 
The files looks correct. 
 
The warning is IMHO irrelevant, it is not a version update.
Comment 12 Thomas Biege 2004-09-16 18:45:02 UTC 
ok, 
patchinfo files and laufzettel submitted.
Comment 13 Thomas Biege 2004-10-01 15:48:31 UTC 
packages approved.
Comment 14 Thomas Biege 2009-10-13 19:50:07 UTC 
CVE-2004-0794: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)