Skip Menu |

To: krb5-bugs@MIT.EDU
Subject: Buffer overflows in kdb_load_library could lead to arbitrary code execution
Date: Fri, 27 Jan 2006 16:38:44 -0500 (EST)
From: hartmans@MIT.EDU (Sam Hartman)

It looks like there is no check to make sure that the database name
and locations both read from the configuration file do not overflow
the statically allocated buffer.

This is probably not a huge deal but it is not something we should ship with.