Bugtraq mailing list archives
Re: Major security-hole in kerberos rsh, rcp and rlogin.
From: panzer () DHP COM (Matt)
Date: Tue, 4 Nov 1997 19:25:37 GMT
In mail.bugtraq Richard Levitte - VMS Whacker <LeViMS () STACKEN KTH SE> wrote: : To remove some of the panic: to activate the bug, it is required that : there are valid tickets for the target user laying around somewhere on : your system (usually in /tmp/). Why not remove some more of the panic and actually describe what is wrong. Buffer overflow? Bad assumptions of environmental variables. Follows links in /tmp? Etc. This would at least help other people look for solutions (and/or bugs in other versions of kerberos). Your option to include "exploitz" or not, but at least a description slightly more then "kerberos is insecure". : The bug is still a very serious one. This list used to be "full-disclosure", or at least slightly. -- -Matt (panzer () dhp com) -- DataHaven Project - http://www.dhp.com/ "That which can never be enforced should not be prohibited."
Current thread:
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Artur Grabowski (Nov 03)
- <Possible follow-ups>
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Matt (Nov 04)
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Mattias Amnefelt (Nov 06)
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Holden (Nov 06)
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Jeff Polk (Nov 07)
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Robert Watson (Nov 07)