[5481] in bugtraq
Re: Major security-hole in kerberos rsh, rcp and rlogin.
daemon@ATHENA.MIT.EDU (Richard Levitte - VMS Whacker)
Tue Nov 4 00:15:43 1997
Date: Tue, 4 Nov 1997 05:09:59 +0100
Reply-To: Richard Levitte - VMS Whacker <LeViMS@STACKEN.KTH.SE>
From: Richard Levitte - VMS Whacker <LeViMS@STACKEN.KTH.SE>
X-To: e96_agr@e.kth.se
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Mon, 3 Nov 1997 02:18:49 +0100"
From: Artur Grabowski <e96_agr@E.KTH.SE>
e96_agr> The hole allows any user on the system to gain privileges of
e96_agr> any other user including root.
To remove some of the panic: to activate the bug, it is required that
there are valid tickets for the target user lying around somewhere on
your system (usually in /tmp/).
The bug is still a very serious one.
e96_agr> //Artur Grabowski (administrator on stacken.kth.se)
Credits where credits are due: the bug was discovered by
Mattias Amnefelt <mattiasa@stacken.kth.se>
--
Richard Levitte \ Spannvägen 38, II \ LeViMS@stacken.kth.se
Vice Chairman and \ S-161 43 BROMMA \ T: +46-8-26 52 47
Redakteur @ Stacken \ SWEDEN \ or +46-708-20 09 64
Tell the users you lov'em, say it with a flower.
Give them a Triffid! -- bastard@bofh.se
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.