MITKRB5-SA-2004-001: buffer overflows in krb5_aname_to_localname
Tom Yu
tlyu at MIT.EDU
Tue Jun 1 17:35:03 EDT 2004
>>>>> "john" == John Hascall <john at iastate.edu> writes:
>> Only configurations which enable the explicit mapping or rules-based
>> mapping functionality of krb5_aname_to_localname() are vulnerable.
>> These configurations are not the default.
john> Ok, how do we know if we have enabled either of these?
john> Is it a krb5.conf setting or ...?
I think the vulnerable configurations have entries of the form
auth_to_local_names = {
aname = lname
}
(explicit mapping) or
auth_to_local = RULE:foo
(rule-based mapping) inside a realm subsection in krb5.conf.
---Tom
More information about the Kerberos
mailing list