Re: Major security-hole in kerberos rsh, rcp and rlogin.

Richard Levitte - VMS Whacker (LeViMS@STACKEN.KTH.SE)
Tue, 04 Nov 1997 05:09:59 +0100

From: Artur Grabowski <e96_agr@E.KTH.SE>
e96_agr> The hole allows any user on the system to gain privileges of
e96_agr> any other user including root.

To remove some of the panic: to activate the bug, it is required that
there are valid tickets for the target user lying around somewhere on
your system (usually in /tmp/).

The bug is still a very serious one.

e96_agr> //Artur Grabowski (administrator on stacken.kth.se)

Credits where credits are due: the bug was discovered by
Mattias Amnefelt <mattiasa@stacken.kth.se>

--
Richard Levitte   \ Spannvägen 38, II \ LeViMS@stacken.kth.se
Vice Chairman and  \ S-161 43  BROMMA  \ T: +46-8-26 52 47
Redakteur @ Stacken \      SWEDEN       \ or +46-708-20 09 64
Tell the users you lov'em, say it with a flower.
Give them a Triffid!                       -- bastard@bofh.se

Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info.