Root privs with kerberos bug? imc_dl at
Mon Jun 10 05:53:53 EDT 2002

Does anybody have information concerning the
following security problem:

- - - - - -
Kerberos security problems

There has been discovered a security-hole in kerberized rsh, rcp and

Everyone who has setuid-bits set on these applications is adviced to
disable  them.  The hole allows any user on the system to gain
privilegies of any other user  including root. 

The hole has been successfully tested on kth-kerberos, but is suspected
exist on any other versions of kerberos. 

- - - - - -


* Dieter *

More information about the Kerberos mailing list