Bugtraq mailing list archives
Re: Kerberos security vulnerability in SSH-1.2.27
From: dugsong () MONKEY ORG (Dug Song)
Date: Thu, 6 Jul 2000 09:53:59 -0400
On Sun, 2 Jul 2000, Carson Gaspar wrote:
<sigh> I patched kerberos support in a previous SSH 1.2.x release, but it never made it back into the source. The whole ticket handling disaster should be ripped out and re-done. Assuming KRB5CCNAME contains "FILE:blah" and unlinking whatever is after FILE: is _very_ _bad_.
this broken behaviour was never in the Kerberos v4/AFS patch upon which the Kerberos v5 support in ssh-1.2.x was based, nor was it ever in the Kerberos v4 support in OpenSSH...

-d.

---
http://www.monkey.org/~dugsong/