Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


MIT: Buffer Overrun Vulnerabilities In Kerberos

May 18, 2000, 20:48 (2 Talkback[s])

"Serious buffer overrun vulnerabilities exist in many implementations of Kerberos 4, including implementations included for backwards compatibility in Kerberos 5 implementations. Other less serious buffer overrun vulnerabilites have also been discovered. ALL KNOWN KERBEROS 4 IMPLEMENTATIONS derived from MIT sources are believed to be vulnerable.

IMPACT:

  • A remote user may gain unauthorized root access to a machine running services authenticated with Kerberos 4.
  • A remote user may gain unauthorized root access to a machine running krshd, regardless of whether the program is configured to accept Kerberos 4 authentication.
  • A local user may gain unauthorized root access by exploiting v4rcp or ksu."

Complete Story