On 17 May 00, at 22:46, CERT Advisory wrote:

> * Systems running services authenticated via Kerberos 4
> * Some systems running services authenticated via Kerberos 5
> * Systems running the Kerberized remote shell daemon (krshd)
> * Systems with the Kerberos 5 ksu utility installed
> * Systems with the Kerberos 5 v4rcp utility installed
> I. Description
> There are at least four distinct vulnerabilities in various versions
> and implementations of the Kerberos software. All of these
> vulnerabilities may be exploited to obtain root privileges.
>
> Buffer overflow in krb_rd_req() library function
> Buffer overflow in krb425_conv_principal() library function
> Buffer overflow in krshd
> Buffer overflow in ksu

For a fuller treatment than the obviously watered down CERT advisory:

http://web.mit.edu/kerberos/www/advisories/krb4buf.txt

========================================
Sthitaprajna @mailandnews.com
========================================

-----------------------------------------------------------------------
LIH is all for free speech. But it was created for a purpose - to help
people discuss issues about installing and running Linux. If your
messages are counterproductive to this purpose, your privileges to
submit messages can and will be revoked.
