[15642] in bugtraq

Re: Kerberos security vulnerability in SSH-1.2.27

daemon@ATHENA.MIT.EDU (Carson Gaspar)
Wed Jul 5 20:16:44 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <14687.47443.522123.846923@taltos.tla.org>
Date:         Sun, 2 Jul 2000 17:51:15 -0400
Reply-To: carson@tla.org
From: Carson Gaspar <carson@TLA.ORG>
X-To:         "Richard E. Silverman" <slade@SHORE.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200007010511.BAA16944@syrinx.oankali.net>

<sigh> I patched kerberos support in a previous SSH 1.2.x release, but it
never made it back into the source. The whole ticket handling disaster
should be ripped out and re-done. Assuming KRB5CCNAME contains "FILE:blah"
and unlinking whatever is after FILE: is _very_ _bad_.

If anyone cares, the patches are on the CD that comes with the SSH book, and
should be easily forward portable. They were quick fixes for the _obviously_
bad things, and should probably be audited more thoroughly.

--
Carson Gaspar -- carson@tla.org
Queen Trapped in a Butch Body
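
An added example, not code from SSH or from the patches mentioned in the message: one way to validate a KRB5CCNAME-style value before unlinking, instead of assuming it is "FILE:" followed by a path that is safe to remove. The function name, result codes and sample values are assumptions made for this illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result codes; these names belong to this example only. */
enum { CC_REMOVED = 0, CC_NOT_FILE = -1, CC_UNSAFE = -2, CC_ERROR = -3 };

/* Remove the cache named by a KRB5CCNAME-style value only if it is an
 * explicit FILE: cache that really is a plain file owned by `owner`. */
int remove_ccache(const char *ccname, uid_t owner)
{
    struct stat st;
    const char *path;

    /* Never assume the type: MEMORY: and other types, or no prefix at
     * all, are refused here rather than treated as a path. */
    if (ccname == NULL || strncmp(ccname, "FILE:", 5) != 0)
        return CC_NOT_FILE;
    path = ccname + 5;
    if (path[0] != '/')              /* relative paths depend on the cwd */
        return CC_UNSAFE;
    /* lstat() inspects the name itself, so a symlink is seen as one. */
    if (lstat(path, &st) != 0)
        return CC_ERROR;
    if (!S_ISREG(st.st_mode) || st.st_uid != owner || st.st_nlink != 1)
        return CC_UNSAFE;
    /* The check and the unlink can still race; a privileged daemon
     * should also do this step under the user's uid, not its own. */
    return unlink(path) == 0 ? CC_REMOVED : CC_ERROR;
}

int main(void)
{
    char tmpl[] = "/tmp/krb5cc_demoXXXXXX";   /* constructed sample cache */
    char name[64];
    int fd = mkstemp(tmpl);

    if (fd < 0)
        return 1;
    close(fd);
    snprintf(name, sizeof name, "FILE:%s", tmpl);
    printf("MEMORY:x  -> %d\n", remove_ccache("MEMORY:x", geteuid()));
    printf("FILE:/etc -> %d\n", remove_ccache("FILE:/etc", geteuid()));
    printf("%s -> %d\n", name, remove_ccache(name, geteuid()));
    return 0;
}
```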
