Bugtraq mailing list archives
Re: Major security-hole in kerberos rsh, rcp and rlogin.
From: e96_agr () E KTH SE (Artur Grabowski)
Date: Tue, 4 Nov 1997 05:09:59 +0100
To remove some of the panic: to activate the bug, it is required that there are valid tickets for the target user laying around somewhere on your system (usually in /tmp/). The bug is still a very serious one. e96_agr> //Artur Grabowski (administrator on stacken.kth.se) Credits where credits are due: the bug was discovered by Mattias Amnefelt <mattiasa () stacken kth se> -- Richard Levitte \ Spannvägen 38, II \ LeViMS () stacken kth se Vice Chairman and \ S-161 43 BROMMA \ T: +46-8-26 52 47 Redakteur @ Stacken \ SWEDEN \ or +46-708-20 09 64 Tell the users you lov'em, say it with a flower. Give them a Triffid! -- bastard () bofh se Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info.
Current thread:
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Artur Grabowski (Nov 03)
- <Possible follow-ups>
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Matt (Nov 04)
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Mattias Amnefelt (Nov 06)
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Holden (Nov 06)
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Jeff Polk (Nov 07)
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Robert Watson (Nov 07)