Subject: Re: Kerberos security vulnerability in SSH-1.2.27
From: Carson Gaspar (carson TLA.ORG)
Date: Sun Jul 02 2000 - 16:51:15 CDT
- In reply to: Richard E. Silverman: "Kerberos security vulnerability in SSH-1.2.27"
- Next in thread: Dug Song: "Re: Kerberos security vulnerability in SSH-1.2.27"
- Next in thread: Schlachter, Jake: "Re: Kerberos security vulnerability in SSH-1.2.27"
- Reply: Carson Gaspar: "Re: Kerberos security vulnerability in SSH-1.2.27"
- Reply: Dug Song: "Re: Kerberos security vulnerability in SSH-1.2.27"

<sigh> I patched Kerberos support in a previous SSH 1.2.x release, but it
never made it back into the source. The whole ticket handling disaster
should be ripped out and re-done. Assuming KRB5CCNAME contains "FILE:blah"
and unlinking whatever is after FILE: is _very_ _bad_.

If anyone cares, the patches are on the CD that comes with the SSH book, and
should be easily forward portable. They were quick fixes for the _obviously_
bad things, and should probably be audited more thoroughly.

-- Carson Gaspar -- carsontla.org Queen Trapped in a Butch Body