[15658] in bugtraq


Re: Kerberos security vulnerability in SSH-1.2.27

daemon@ATHENA.MIT.EDU (Dug Song)
Thu Jul 6 14:25:58 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSO.4.20.0007060949200.7294-100000@naughty.monkey.org>
Date: Thu, 6 Jul 2000 09:53:59 -0400
Reply-To: Dug Song <dugsong@MONKEY.ORG>
From: Dug Song <dugsong@MONKEY.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <14687.47443.522123.846923@taltos.tla.org>

On Sun, 2 Jul 2000, Carson Gaspar wrote:

> <sigh> I patched kerberos support in a previous SSH 1.2.x release, but it
> never made it back into the source. The whole ticket handling disaster
> should be ripped out and re-done. Assuming KRB5CCNAME contains "FILE:blah"
> and unlinking whatever is after FILE: is _very_ _bad_.

this broken behaviour was never in the Kerberos v4/AFS patch upon which
the Kerberos v5 support in ssh-1.2.x was based, nor was it ever in the
Kerberos v4 support in OpenSSH...

-d.

---
http://www.monkey.org/~dugsong/
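
The quoted complaint in the message above is about code that assumes KRB5CCNAME has the form "FILE:path" and unlinks whatever follows the prefix. A more defensive cleanup is sketched here as an added example; it is not code from SSH, OpenSSH or the Kerberos patches, and the function and enum names are hypothetical. It refuses non-FILE cache types, relative or ".." paths, anything that is not a regular file, and files not owned by the expected user.

```c
#define _XOPEN_SOURCE 700   /* for lstat() and mkstemp() */
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum cc_result { CC_REMOVED, CC_NOT_FILE_TYPE, CC_BAD_PATH, CC_STAT_FAILED,
                 CC_NOT_REGULAR, CC_WRONG_OWNER, CC_UNLINK_FAILED };

/* Remove the cache named by a KRB5CCNAME-style string only if it is an
 * absolute path to a regular file owned by `owner`. Hypothetical helper. */
enum cc_result destroy_file_ccache(const char *ccname, uid_t owner)
{
    static const char prefix[] = "FILE:";
    const char *path, *p;
    struct stat st;

    /* Do not assume the type: an unset value or MEMORY:... is not a file. */
    if (ccname == NULL || strncmp(ccname, prefix, sizeof(prefix) - 1) != 0)
        return CC_NOT_FILE_TYPE;
    path = ccname + sizeof(prefix) - 1;

    /* Absolute paths only, with no ".." component anywhere. */
    if (path[0] != '/')
        return CC_BAD_PATH;
    for (p = path; (p = strstr(p, "/..")) != NULL; p += 3)
        if (p[3] == '/' || p[3] == '\0')
            return CC_BAD_PATH;

    /* lstat() so a symlink is judged as a symlink, not as its target. */
    if (lstat(path, &st) != 0) return CC_STAT_FAILED;
    if (!S_ISREG(st.st_mode)) return CC_NOT_REGULAR;
    if (st.st_uid != owner)   return CC_WRONG_OWNER;

    /* Check-then-unlink can still race; a privileged daemon should also
     * make this call with the user's uid in effect. */
    return unlink(path) == 0 ? CC_REMOVED : CC_UNLINK_FAILED;
}

/* Constructed demo: create a temp file we own and remove it via the helper. */
enum cc_result demo_remove_own_cache(void)
{
    char name[] = "FILE:/tmp/krb5cc_demo_XXXXXX";
    int fd = mkstemp(name + 5);
    if (fd < 0) return CC_STAT_FAILED;
    close(fd);
    return destroy_file_ccache(name, geteuid());
}
```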
