Root privs with kerberos bug?
imc_dl@t-online.de
imc_dl at t-online.de
Mon Jun 10 05:53:53 EDT 2002
Does anybody have information concerning the
following security problem:
- - - - - -
Kerberos security problems
There has been discovered a security-hole in kerberized rsh, rcp and
rlogin.
Everyone who has setuid-bits set on these applications is adviced to
disable them. The hole allows any user on the system to gain
privilegies of any other user including root.
The hole has been successfully tested on kth-kerberos, but is suspected
to
exist on any other versions of kerberos.
- - - - - -
Thanks
* Dieter *
More information about the Kerberos
mailing list