Linux Today: Linux News On Internet Time.






O'Reilly Network: Insecurities in a Nutshell: KTH Kerberos, Red Hat PAM, and More

Dec 14, 2000, 16:12
(Other stories by Noel Davis)

"Problems this week include root exploits in the MarkVision printer drivers package, local and remote root exploits in KTH Kerberos, buffer overflows in Red Hat's PAM, a discussion of security problems with web-based applications, and an example of one of these web-based security problems in phpGroupWare."

"KTH Kerberos
Kerberos is a network authentication protocol that uses a secret-key to provide authentication over insecure networks. There are two primary Kerberos packages: MIT and KTH. KTH Kerberos is included in OpenBSD and FreeBSD. There are three vulnerabilities in KTH Kerberos IV: It honors some environmental variables, there is a buffer overflow in the protocol parsing code, and there is a race condition in the ticket file writing code. These problems can lead to local and remote root vulnerabilities."

"Red Hat PAM
There is a problem with the PAM system in Red Hat 7 and an update that was issued for Red Hat 6.x. Both versions included a module named pam_localuser. This module is vulnerable to a buffer overflow. Even though this module is not used by default, Red Hat has released a new version that fixes the buffer overflow and fixes some other bugs."
