Bugtraq mailing list archives

Re: Major security-hole in kerberos rsh, rcp and rlogin.


From: robert () cyrus watson org (Robert Watson)
Date: Fri, 7 Nov 1997 23:53:51 -0500


On Fri, 7 Nov 1997, Jeff Polk wrote:

just a note...
it appears the BSDI version of su uses Kerberos tickets if Kerberos is
configured.

Yes, but the BSDI kerberosIV implementation does not appear to
have the problem (the tf_init() routine which opens the ticket
file checks to see that the real uid of the process is either
root or owns the ticket file).

Similarly, my tests on FreeBSD 2.2.2-RELEASE (and above) indicate that the
system is not vulnerable.

  Robert N Watson

Junior, Logic+Computation, Carnegie Mellon University  http://www.cmu.edu/
Network Administrator, SafePort Network Services  http://www.safeport.com/
robert () fledge watson org rwatson () safeport com http://www.watson.org/~robert/


