MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog

Mike,
What modifications did you make to your
src/lib/kadm5/configure script?
 There is mention in the advisory about making changes to
detect
vsnprintf() but I am not exactly sure how to do that.  I am
not a
developer but need to patch our kerberos code for these 3
security issues.
-Eddie B.
________________________________________________
Kerberos mailing list           Kerberosmit.edu
htt
ps://mailman.mit.edu/mailman/listinfo/kerberos

Specifically,

====================
diff -Nur krb5-040307/lib/kadm5/configure
krb5/lib/kadm5/configure
--- krb5-040307/lib/kadm5/configure     2005-11-16
16:47:28.000000000 -0600
+++ krb5/lib/kadm5/configure    2007-04-03
15:15:04.000000000 -0500
 -5453,7
+5453,7 



-for ac_func in openlog syslog closelog strftime vsprintf
+for ac_func in openlog syslog closelog strftime vsprintf
vsnprintf
do
as_ac_var=`echo "ac_cv_func_$ac_func" |
$as_tr_sh`
echo "$as_me:$LINENO: checking for $ac_func"
>&5
=====================

That's included in the patch I posted and results in
-DHAVE_VSNPRINTF=1 
(at least for me it did).

-Mike

Edward Beuerlein wrote:
> Mike,
> What modifications did you make to your
src/lib/kadm5/configure script?
>  There is mention in the advisory about making changes
to detect
> vsnprintf() but I am not exactly sure how to do that. 
I am not a
> developer but need to patch our kerberos code for these
3 security issues.
> -Eddie B.
> ________________________________________________
> Kerberos mailing list           Kerberosmit.edu
> htt
ps://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 
________________________________________________
Kerberos mailing list           Kerberosmit.edu
htt
ps://mailman.mit.edu/mailman/listinfo/kerberos