>>>>> "Micah" == Micah Anderson <[EMAIL PROTECTED]> writes:
Micah> Package: openssh-krb5 Severity: important Tags: security
Micah> CAN-2005-2798[1] reads:
Micah> sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials
Micah> is enabled, allows GSSAPI credentials to be delegated to
Micah> clients who log in using non-GSSAPI methods, which could
Micah> cause those credentials to be exposed to untrusted users or
Micah> hosts.
Micah> Since GASSAPI features are enabled in openssh-krb5/ssh-krb5
Micah> and the source package tends to use older gassapi source,
Micah> so it is likely these binaries are vulnerable.
Could someone explain to me why this is a problem? I actually use
this as a feature regularly.
If you don't want the other end of the connection to have your
credentials, why are you shoving them over the wire.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
