|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: BoS: CERT Vendor-Initiated Bulletin VB-97.08 - Transarc
Julian Assange (proff
SUBURBIA.NET)Sat, 27 Sep 1997 18:14:36 +1000
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: John W. Temples: "msql access control"
- Previous message: Andrew Tridgell: "Security bugfix for Samba"
- In reply to: Aleph One: "CERT Vendor-Initiated Bulletin VB-97.08 - Transarc"
[..]
> The vulnerability stems from an incorrect interpretation of the
> situation which occurs when an AFS klog binary is not found by
> login.dce.
>
> If there is a klog binary in ANY of the following standard locations,
> the vulnerability will NOT occur:
>
> /opt/dcelocal/bin/klog
Two words. Resource. Starvation.
[..]
> A workaround is possible as well: simply install any program which
> produces output on stdout in one of the standard klog locations.
[..]
> (A "hello, world" program or shell script is sufficient; as long as
> it puts something on stdout, it's good enough. Optimally, install
> the actual AFS klog program in one of the above locations.)
Two words. Resource. Starvation.
Nice to see CERT advisories have become totally unmoderated :)
--
Prof. Julian Assange |Little Fly, Thy Summer's Play My thoughtless hand Has
|Brush'd away. Am not I A fly like thee? Or are thou A
proffiq.org |man like me? For I dance, And drink, and sing, Till
proffgnu.ai.mit.edu |some blind hand Shall brush my wing. -Blake
- Next message: John W. Temples: "msql access control"
- Previous message: Andrew Tridgell: "Security bugfix for Samba"
- In reply to: Aleph One: "CERT Vendor-Initiated Bulletin VB-97.08 - Transarc"