Re: Major security-hole in kerberos rsh, rcp and rlogin.
Artur Grabowski (e96_agr@E.KTH.SE)
Tue, 4 Nov 1997 05:09:59 +0100
To remove some of the panic: to activate the bug, it is required that
there are valid tickets for the target user lying around somewhere on
your system (usually in /tmp/).
The bug is still a very serious one.
e96_agr> //Artur Grabowski (administrator on stacken.kth.se)
Credits where credits are due: the bug was discovered by
Mattias Amnefelt <mattiasa@stacken.kth.se>
--
Richard Levitte \ Spannvägen 38, II \ LeViMS@stacken.kth.se
Vice Chairman and \ S-161 43 BROMMA \ T: +46-8-26 52 47
Redakteur @ Stacken \ SWEDEN \ or +46-708-20 09 64
Tell the users you lov'em, say it with a flower.
Give them a Triffid! -- bastard@bofh.se
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.