[5310] in bugtraq

Re: BoS: CERT Vendor-Initiated Bulletin VB-97.08 - Transarc

daemon@ATHENA.MIT.EDU (Julian Assange)
Sat Sep 27 11:43:57 1997

Date: 	Sat, 27 Sep 1997 18:14:36 +1000
Reply-To: proff@SUBURBIA.NET
From: Julian Assange <proff@SUBURBIA.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.SUN.3.94.970925140406.8476A@dfw.dfw.net> from Aleph One at
              "Sep 25, 97 02:04:06 pm"

[..]
> The vulnerability stems from an incorrect interpretation of the
> situation which occurs when an AFS klog binary is not found by
> login.dce.
>
> If there is a klog binary in ANY of the following standard locations,
> the vulnerability will NOT occur:
>
>         /opt/dcelocal/bin/klog

Two words. Resource. Starvation.

[..]
> A workaround is possible as well: simply install any program which
> produces output on stdout in one of the standard klog locations.
[..]
> (A "hello, world" program or shell script is sufficient; as long as
> it puts something on stdout, it's good enough.  Optimally, install
> the actual AFS klog program in one of the above locations.)

Two words. Resource. Starvation.

Nice to see CERT advisories have become totally unmoderated :)

--
Prof. Julian Assange  |Little Fly, Thy Summer's Play My thoughtless hand Has
                      |Brush'd away. Am not I A fly like thee? Or are thou A
proff@iq.org          |man like me? For I dance, And drink, and sing, Till
proff@gnu.ai.mit.edu  |some blind hand Shall brush my wing. -Blake
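
The resource-starvation case raised in the reply, as an added example that is not part of the post, the advisory, or Transarc's code: a hypothetical login-side check that denies whenever the helper yields no output, whether the binary is absent or descriptor exhaustion kept it from starting. The names `allow_login` and `allow_login_starved` and the use of `/bin/echo` as a stand-in helper are assumptions.

```c
#include <errno.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical login-side check (not Transarc's login.dce code). Returns 1 only
 * if the helper ran, exited 0 and wrote to stdout; a missing helper and one
 * that could not be started both give 0, so the caller fails closed. */
static int allow_login(const char *helper)
{
    int fds[2], st = 0;
    char buf[64];
    ssize_t n, got = 0;
    pid_t pid, w;
    if (pipe(fds) != 0)              /* EMFILE/ENFILE: descriptor starvation */
        return 0;
    if ((pid = fork()) < 0) {        /* EAGAIN/ENOMEM: process or memory starvation */
        close(fds[0]); close(fds[1]);
        return 0;
    }
    if (pid == 0) {                  /* child: stdout -> pipe, then exec helper */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execl(helper, helper, "token", (char *)NULL);
        _exit(127);                  /* ENOENT, EACCES, ENOMEM all end up here */
    }
    close(fds[1]);
    while ((n = read(fds[0], buf, sizeof buf)) != 0) {
        if (n > 0) got += n;
        else if (errno != EINTR) break;
    }
    close(fds[0]);
    do { w = waitpid(pid, &st, 0); } while (w < 0 && errno == EINTR);
    return w == pid && got > 0 && WIFEXITED(st) && WEXITSTATUS(st) == 0;
}

/* Same check with the descriptor soft limit at 0 (constructed starvation
 * condition): pipe() fails although the helper binary is installed. */
static int allow_login_starved(const char *helper)
{
    struct rlimit old, none;
    int r;
    if (getrlimit(RLIMIT_NOFILE, &old) != 0) return 0;
    none = old; none.rlim_cur = 0;
    if (setrlimit(RLIMIT_NOFILE, &none) != 0) return 0;
    r = allow_login(helper);
    setrlimit(RLIMIT_NOFILE, &old);  /* restore the caller's limit */
    return r;
}
```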