[30351] in Kerberos
Re: ZDNet UK: Kerberos harbours critical flaws
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Mon Oct 13 12:33:05 2008
From: Ken Raeburn <raeburn@mit.edu>
To: "Paul Moore" <paul.moore@centrify.com>
In-Reply-To: <BB7E16A14DE689469A181EC770AFBF4D021FE6FB@exch-one.centrify.com>
Message-Id: <49679D29-C531-48B4-B802-D8E689DAEECA@mit.edu>
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Mon, 13 Oct 2008 12:32:42 -0400
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Oct 13, 2008, at 12:23, Paul Moore wrote:
> Which bugs is this article referring to
>
> ------------------------------------------------------------
> http://news.zdnet.co.uk/security/0,1000000189,39165276,00.htm
>
> Kerberos harbours critical flaws
>
> The network-authentication technology can leave computers running
> Unix, Linux
> or Mac OS X vulnerable
They mention double-free problems, and the article is from September
2004, so I expect it's referring to the flaw in advisory MITKRB5-
SA-2004-002 (listed at http://web.mit.edu/kerberos/advisories/) which
had come out a few days before.
Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
