Re: BoS: CERT Vendor-Initiated Bulletin VB-97.08 - Transarc

Julian Assange (proff@SUBURBIA.NET)
Sat, 27 Sep 1997 18:14:36 +1000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: John W. Temples: "msql access control"
Previous message: Andrew Tridgell: "Security bugfix for Samba"

[..]
> The vulnerability stems from an incorrect interpretation of the
> situation which occurs when an AFS klog binary is not found by
> login.dce.
>
> If there is a klog binary in ANY of the following standard locations,
> the vulnerability will NOT occur:
>
> /opt/dcelocal/bin/klog

Two words. Resource. Starvation.

[..]
> A workaround is possible as well: simply install any program which
> produces output on stdout in one of the standard klog locations.
[..]
> (A "hello, world" program or shell script is sufficient; as long as
> it puts something on stdout, it's good enough. Optimally, install
> the actual AFS klog program in one of the above locations.)

Two words. Resource. Starvation.

Nice to see CERT advisories have become totally unmoderated :)

--
Prof. Julian Assange  |Little Fly, Thy Summer's Play My thoughtless hand Has
                      |Brush'd away. Am not I A fly like thee? Or are thou A
proff@iq.org          |man like me? For I dance, And drink, and sing, Till
proff@gnu.ai.mit.edu  |some blind hand Shall brush my wing. -Blake

Next message: John W. Temples: "msql access control"
Previous message: Andrew Tridgell: "Security bugfix for Samba"