Bugtraq mailing list archives
Re: Major security-hole in kerberos rsh, rcp and rlogin.
From: robert () cyrus watson org (Robert Watson)
Date: Fri, 7 Nov 1997 23:53:51 -0500
On Fri, 7 Nov 1997, Jeff Polk wrote:
just a note... it appears the bsdi version of su uses kerbose tickets if kerbose is configured.Yes, but the BSDI kerberosIV implementation does not appear to have the problem (the tf_init() routine which opens the ticket file checks to see that the real uid of the process is either root or owns the ticket file).
Similarly, my tests on FreeBSD 2.2.2-RELEASE (and above) indicate that the system is not vulnerable. Robert N Watson Junior, Logic+Computation, Carnegie Mellon University http://www.cmu.edu/ Network Administrator, SafePort Network Services http://www.safeport.com/ robert () fledge watson org rwatson () safeport com http://www.watson.org/~robert/
Current thread:
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Artur Grabowski (Nov 03)
- <Possible follow-ups>
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Matt (Nov 04)
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Mattias Amnefelt (Nov 06)
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Holden (Nov 06)
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Jeff Polk (Nov 07)
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Robert Watson (Nov 07)