[5520] in bugtraq
Re: Major security-hole in kerberos rsh, rcp and rlogin.
daemon@ATHENA.MIT.EDU (Robert Watson)
Sat Nov 8 01:28:01 1997
Date: Fri, 7 Nov 1997 23:53:51 -0500
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
From: Robert Watson <robert@CYRUS.WATSON.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199711071626.JAA22305@demiurge.BSDI.COM>
On Fri, 7 Nov 1997, Jeff Polk wrote:
> > just a note...
> > it appears the bsdi version of su uses kerbose tickets if kerbose is
> > configured.
>
> Yes, but the BSDI kerberosIV implementation does not appear to
> have the problem (the tf_init() routine which opens the ticket
> file checks to see that the real uid of the process is either
> root or owns the ticket file).
Similarly, my tests on FreeBSD 2.2.2-RELEASE (and above) indicate that the
system is not vulnerable.
Robert N Watson
Junior, Logic+Computation, Carnegie Mellon University http://www.cmu.edu/
Network Administrator, SafePort Network Services http://www.safeport.com/
robert@fledge.watson.org rwatson@safeport.com http://www.watson.org/~robert/
