Heimdal: rshd privilege escalation — GLSA 200603-14

An error in the rshd daemon of Heimdal could allow authenticated users to elevate privileges.

Affected packages

Package 	app-crypt/heimdal on all architectures
Affected versions 	< 0.7.2
Unaffected versions 	>= 0.7.2

Background

Heimdal is a free implementation of Kerberos 5.

Description

An unspecified privilege escalation vulnerability in the rshd server of Heimdal has been reported.

Impact

Authenticated users could exploit the vulnerability to escalate privileges or to change the ownership and content of arbitrary files.

Workaround

There is no known workaround at this time.

Resolution

All Heimdal users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.7.2"

References

    CVE-2006-0582
    Heimdal Advisory 2006-02-06