Russ Allbery

**Name of the Vulnerable Software and Affected Versions** pam-krb5 versions prior to 4.9 **Description** The issue is related to a buffer overflow in pam-krb5 that may cause remote code execution when the Kerberos library performs supplemental prompting. This can happen if an attacker responds to a prompt with a carefully chosen answer length, potentially overflowing a buffer provided by the underlying Kerberos library. The effect can range from heap corruption to stack corruption, with possible code execution. This code path is used when the Kerberos library does supplemental prompting, such as with PKINIT or the non-standard no prompt PAM configuration option. **Recommendations** For versions prior to 4.9, update to version 4.9 or later to resolve the issue. As a temporary workaround, consider disabling supplemental prompting by the Kerberos library until a patch is available. Restrict access to the pam-krb5 library to minimize the risk of exploitation. Avoid using the non-standard no prompt PAM configuration option until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** rssh version 2.3.0 **Description** The issue is related to a problem in the util.c file of rssh, where the lack of braces to define a block causes a check to always succeed, allowing rsync and rdist to bypass intended access restrictions defined in rssh.conf. **Recommendations** For rssh version 2.3.0, consider modifying the util.c file to properly use braces and define blocks, ensuring that access restrictions in rssh.conf are correctly enforced. As a temporary workaround, restrict access to rsync and rdist until the issue is resolved.