O'Reilly Network: Insecurities in a Nutshell: KTH Kerberos, Red Hat PAM, and More
Dec 14, 2000, 16:12 (0 Talkback[s])
(Other stories by Noel Davis)
"Problems this week include root exploits in the MarkVision
printer drivers package, local and remote root exploits in KTH
Kerberos, buffer overflows in Red Hat's PAM, a discussion of
security problems with web-based applications, and an example of
one of these web-based security problems in phpGroupWare."
Kerberos is a network authentication protocol that uses a
secret-key to provide authentication over insecure networks. There
are two primary Kerberos packages: MIT and KTH. KTH Kerberos is
included in OpenBSD and FreeBSD. There are three vulnerabilities in
KTH Kerberos IV: It honors some environmental variables, there is a
buffer overflow in the protocol parsing code, and there is a race
condition in the ticket file writing code. These problems can lead
to local and remote root vulnerabilities."
"Red Hat PAM
There is a problem with the PAM system in Red Hat 7 and an update
that was issued for Red Hat 6.x. Both versions included a module
named pam_localuser. This module is vulnerable to a buffer
overflow. Even though this module is not used by default, Red Hat
has released a new version that fixes the buffer overflow and fixes
some other bugs."