Bugtraq mailing list archives

Re: Major security-hole in kerberos rsh, rcp and rlogin.

From: panzer () DHP COM (Matt)
Date: Tue, 4 Nov 1997 19:25:37 GMT


In mail.bugtraq Richard Levitte - VMS Whacker <LeViMS () STACKEN KTH SE> wrote:
: To remove some of the panic:  to activate the bug, it is required that
: there are valid tickets for the target user laying around somewhere on
: your system (usually in /tmp/).

Why not remove some more of the panic and actually describe what is wrong.
Buffer overflow?  Bad assumptions of environmental variables.  Follows
links in /tmp?  Etc.  This would at least help other people look for
solutions (and/or bugs in other versions of kerberos).  Your option to
include "exploitz" or not, but at least a description slightly more then
"kerberos is insecure".

: The bug is still a very serious one.
This list used to be "full-disclosure", or at least slightly.
--
 -Matt (panzer () dhp com)  --  DataHaven Project - http://www.dhp.com/
  "That which can never be enforced should not be prohibited."

Current thread:

Re: Major security-hole in kerberos rsh, rcp and rlogin. Artur Grabowski (Nov 03)
- <Possible follow-ups>
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Matt (Nov 04)
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Mattias Amnefelt (Nov 06)
  - Re: Major security-hole in kerberos rsh, rcp and rlogin. Holden (Nov 06)
- Re: Major security-hole in kerberos rsh, rcp and rlogin. Jeff Polk (Nov 07)
  - Re: Major security-hole in kerberos rsh, rcp and rlogin. Robert Watson (Nov 07)